Reverse Engineering Asked by stackoverflowperson on September 30, 2021
I’m trying to byte patch a 12 year old program written in MS Visual C++ V9. However, some of its code has been packed with ‘Lock Express V2.0’. I’ve loaded the executable in IDA and run the Universal PE Unpacker with success. I’m now able to inspect much more of the code and have identified the actual OEP. What I’d like to do is rebuild the unpacked memory into a new PE file so that I can start byte patching. My unpacking skills are poor but I believe I need to reconstruct the Input Address Table and fix the Header? Could I get some recommendations on how to do this? Programs, scripts, tutorials? Any help would be greatly appreciated.
I you really want to try making the unpacked executable, OllyDumpEx works in IDA too.
However, there is an alternative approach: a loader. This is a program which starts the target in paused state, puts breakpoint on OEP or some initially called APIs then lets it run. Once the breakpoint is reached, you can patch anything you need. This way you don’t need to bother with making an unpacked executable and bypassing anti-unpacking protections (if there are any).
Answered by Igor Skochinsky on September 30, 2021
Get help from others!
Recent Questions
Recent Answers
© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP