Unfortunately, this site has restricted functionality as this browser does not support the HTML button formaction attribute.
Unfortunately, this site has restricted functionality as this browser has HTML web storage turned off.

UnPacking XPack (Almost) Any Version. by Independent (IND)

11022 of 23,881 files
  • SHT / Text   How to
  • 2 kB   DOWNLOAD   SHARE
hide RetroTxt from Defacto2   The open source WebExtension to view many ANSI, ASCII and NFO files in a browser. Available for Chrome Firefox Brave Edge.
[+] Configuration Select all
                   ■ UnPacking XPack   (Almost) ANY VERSION ■
────────────────────────────────────────────────────────────────────────────────

1. Tools for the "Job"
~~~~~~~~~~~~~~~~~~~~~~
A. The debugger i used is Win-ICE v3.0 and i STRONGLY reccomned it.
   but for this EXE Protector you can use ANY debugger you want :)

B. To dump the unpacked code to disk use DumpEXE or any other util from that kind.
   i already assume you know how-to use it :) 



2. UnPacking :-)
~~~~~~~~~~~~~~~~
Comment: to dump this code we will use 3 Break-Points.

A. Load the packed EXE into the debugger, DO NOT RUN!

B. Now browse about 30 lines forward until you reach: ──> 
   AND BYTE PTR [xx+xx],xx 
   IRet                    ; this is the end of the first protection layr.

C. Set break point on the IRet, and run.

D. Continue browsing about 30 lines forward untill you reach ──> 
   MOV AX,xxxx
   PUSH AX
   RETF                    ; the end of the second layr.
 
E. Set Break-Point on RETF and run.


F. Continue Browsing forwards about 100 more lines, until you reach ──>
   STI
   XOR AX,AX
   JMP xxxx:xxxx ; a far jump to the original CS:IP

G. Set Break-Point on the JMP xxxx:xxxx and run, now trace 1 instruction.

H. You are READY to dump the code to disk...:)

I. Remember this is for ALL versions so Break-Point addresses WILL be different!


 Note: if the methode i gave here doesn't work, kill yourself or 
       just figure out how-to unpack it without this shitty little doc! 



√ (C) by ACP! <acp@fear-me.com>


■ if you have no use with this doc, you can print it using your favorit paper 
  and wipe your ass..:)

■ Greetz fly out to:
  Surva, Dark Stalker, Marquis, Lost Soul, riDDLER, Lord Byte, Kab, JAMMER, PSA!
  rAND0M, Ka0t, Leddy, Sharp, XLogic, Misha, Solar Designer, tKC, tHATdUDE, 
  Samplex, Musashi, Zanzibar, XPhiLeZ.
  
  And the rest of you, forgotten punks! :-]
XPACK.SHT 82x62 Font
82