THISThanks to allTmCWarning: Division by zero in modulesnavigation.PREMISSES:The target I am unpacking is SwishJukeBox.2) How can i find what API functions have been stolen by PEBundle and restore them?NOTE: If I fix IAT with invalid pointers and leave everything untouched, the executable runs like a charm, but i want to CUT out all pebundle sections, and if i do that, it does not matter if i cut out invalid thunks or not, but the executable crashed reading those thunks.Hi all, I searched throughout all the forum but cannot find an answer to my questions. I am trying to unpack it because the Markus generic crack works only in part.php(65) : eval()'d code on line 1Anyone else picked it up?I'm currently joining in a online franchise with some friends in the UK but we've only got 6 or 7 of us playing which means that I'm playing like 3 games against people and the rest of them are CPU.OPERATIONS PERFORMED:Unpacking PE Bundle is easy, F8, F8, Follow ESP in dump, HWBP on Execution, F8F8 and we land on the next shell OEP. bypassing it studying just a bit the code leads to some final code and to a JMP EAX, F7 on that and we are at the OEP.This done 3 times leads to the Crypkey OEP.What do you advice as resource viewer OR how can i rebuild resource section?EDIT: Used Res Tuner but discovered that the disabling function is performed at runtime so no need of a resource editor.The program is packed 3 times with PEBUNDLE and once with CRYPKEY. Run ImpREC, type in OEP and all thunks are OK, except the Kernel32 one that has 4 invalid pointers.QUESTIONS AND CONCERNS:Tracing 1, 2 and 3 does not take to the solution. I tried to go to one invalid thunk in Olly, it leads to code stored in pebundle section where there is some weired code but no signals of real API funcions (maybe are custom coded ones)Now the questions are two:1) Is it CrypKey or PEBundle responsibles of this IAT mangling? To this question i'm fairly sure that it is PEBundle, since i read on other tutorials that crypkey does not corrupt the IAT.Anyone interested in joining in? Most games will be at weekends probably UK evening.To find the REAL OEP, it is a piece of cake, i just need to trace with f8 till i reach weired unpacking sequence.Have anyone encountered this problem again and came up with a solution?--------------------------------------------------------------------------Second question: (banal)The resource section is a bit mangled and when i open it with reshacker it is not able to display dialogs.IAT seems good, so Run LordPE and dump
jumpman23;authentic air jordan retro;100% authentic air jordan;topdealuk;bigukdiscount ï¼?75offdiscount,bestdiscountuk,latestdiscountuk,findukdiscount,jordan 2 retroï¼?a href="http://www.befreshkicks.com/authentic-air-air-jordan-5-discount-on-sale-11">jordan 5 shoesï¼?a href="http://www.kickzpro.com" title="exclusive jordans">exclusive jordans
