ž UnPacking XPack   (Almost) ANY VERSION ž
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ

1. Tools for the "Job"
~~~~~~~~~~~~~~~~~~~~~~
A. The debugger i used is Win-ICE v3.0 and i STRONGLY reccomned it.
   but for this EXE Protector you can use ANY debugger you want :)

B. To dump the unpacked code to disk use DumpEXE or any other util from that kind.
   i already assume you know how-to use it :) 



2. UnPacking :-)
~~~~~~~~~~~~~~~~
Comment: to dump this code we will use 3 Break-Points.

A. Load the packed EXE into the debugger, DO NOT RUN!

B. Now browse about 30 lines forward until you reach: ÄÄ> 
   AND BYTE PTR [xx+xx],xx 
   IRet                    ; this is the end of the first protection layr.

C. Set break point on the IRet, and run.

D. Continue browsing about 30 lines forward untill you reach ÄÄ> 
   MOV AX,xxxx
   PUSH AX
   RETF                    ; the end of the second layr.
 
E. Set Break-Point on RETF and run.


F. Continue Browsing forwards about 100 more lines, until you reach ÄÄ>
   STI
   XOR AX,AX
   JMP xxxx:xxxx ; a far jump to the original CS:IP

G. Set Break-Point on the JMP xxxx:xxxx and run, now trace 1 instruction.

H. You are READY to dump the code to disk...:)

I. Remember this is for ALL versions so Break-Point addresses WILL be different!


 Note: if the methode i gave here doesn't work, kill yourself or 
       just figure out how-to unpack it without this shitty little doc! 



ū (C) by ACP! <acp@fear-me.com>


ž if you have no use with this doc, you can print it using your favorit paper 
  and wipe your ass..:)

ž Greetz fly out to:
  Surva, Dark Stalker, Marquis, Lost Soul, riDDLER, Lord Byte, Kab, JAMMER, PSA!
  rAND0M, Ka0t, Leddy, Sharp, XLogic, Misha, Solar Designer, tKC, tHATdUDE, 
  Samplex, Musashi, Zanzibar, XPhiLeZ.
  
  And the rest of you, forgotten punks! :-]