Unpacking WinUpack 0.39 with Ollydbg 1.10


I am new to reverse engineering and I am trying to unpack an executable packed with WinUpack 0.39.

After the packing I launched the executable and it worked fine.

When I run it in Ollydbg 1.10, after a few instructions it gives me an Access Violation error. I tried Shift+F9, but the exception handler can't deal with this exception.

The error occurs in the line at address 0036FC1A. You can see the image of OllyDbg here

How can I deal with this? Thank you for the answer.

There is 1 answer

fpmurphy

Assuming that you are now trying to unpack the WinUpack-packed binary using OllyDbg...

Finding the OEP in a WinUpack-packed binary is very difficult. It is in the middle of the unpacking stub and jumps a relatively short distance, so finding the tail jump is difficult.

The best way I have found to find the tail jump is to set a breakpoint on GetProcAddress and then single step until you find the tail jump.

See https://www.aldeid.com/wiki/Category:Digital-Forensics/Computer-Forensics/Anti-Reverse-Engineering/Packers/WinUpack for more information.