Welcome to Bandith Hacker
Enjoy the various features and threads we provide for all of you!

  Unpacking Yodas Protector 1.03.3 Tutorial by Richard Irfan Yusan

Posted by: bandith (Admin)
Subject: Unpacking Yodas Protector 1.03.3 Tutorial by Richard Irfan Yusan
Thu Sep 09, 2010 9:25 am

Watch Online Tutorial : Click Here

Download Archive : Click Here

C:\Yodas Protector Unpacking.swf
Build 2 successfully completed
Created at: Sat Aug 14 08:28:53 2010
Flash player required: v6.0 or above
Size: 1654 KB
Total frames in main movie: 5160
Playback frame rate: 20
Approximate playback time: 258 seconds

Annotated text transcript:

Unpacking Yoda's Protector 1.03.3
Tools :

-OllyDBG
-OllyDump
-IsDebugPresent (If you need)
-LordPE
-TargetFile

This Tutorial is written by Richard Irfan Yusan

richardyusan@rocketmail.com

The TargetFile ;-)
yoda's Protector 1.03.3 -> Ashkbiz Danehkar
Entropy : PACKED
EP Check : PACKED
Load the target file to OllyDBG
Set your Exceptions Settings like this
make sure this checkbox is checked
If User32.dll is already loaded into memory, set your OllyDBG events setting back to normal
Uncheck !
Right Click > Go To > Expression

Or

CTRL + G
Type "BlockInput"
Fill with NOPs
Place Breakpoint here
F2
Now, we must fix IsDebuggerPresent

There are two methods:

1. Manual fix: continue watching
2. Using the IsDebuggerPresent OllyDBG plugin, you can skip this step
MOV EAX,0
GetCurrentProcessId

Case sensitive
Yoda uses CreateToolhelp32Snapshot to retrieve all running processes. Then, yoda searches for the process that started unpackme and checks whether that process has the same PID as unpackme itself. If not, yoda terminates that process, which is OllyDbg.exe in our case. If we patch the CreateToolhelp32Snapshot API, we will get an Invalid_Handle exception. But there is another very easy way to trick yoda. Yoda uses the GetCurrentProcessId API to retrieve its own PID. We can make yoda think that it is ollydbg.exe if we set that API to retrieve Olly's PID. How can we do that? By injecting a simple patch.
00000730 is the OllyDBG PID
730 means the OllyDBG PID
Run Debugged Program

F9
We land at this breakpoint :D
Run Debugged Program Again

F9
Set Memory BP on access
OEP
CTRL+A to analyze this code
UnPackMe file run without error :D
;-)
Entropy : NOT PACKED
EPCheck : NOT PACKED
And UnPackMe unpacked successfully!

Credits:
richardyusan.wordpress.com