.i have a packed exe file with a unknown packer, so i have to unpack it by hands. But when i open it using OllyDbg, it can't pause at the EP, OD has running status. Here, the exe has not a GUI, so i can see nothing. This exe file is attached to another program, when the other program(main program) start, this exe would be invoked. I want to use od to attach this sub-process, but i can't find it in the attach window of OD, although i can see both of the two process in task manager's process list. So, i want to know why? and how to resolve it?Thanks.
If i use OllyDbg to open it, i can do nothing, even to insert a breakpoint. So, I load it using Syser. Good, Syser can pause at the entrypoint, I can find the OEP successfully. When the control want to jump to the OEP, i modify the code to a endless loop. Then i return to Windows and want to dump it using PETools, but unfortunately, the process has exited. So, I can do nothing as normal.
So, after Syser load the program, I press F5 to return Windows, I can dump the program's memory using PETools. Then, I open ImportREC and input the OEP i have found, good, it afford to fix the dumped file successfully.
But the unpacked exe file can't replace the original one, if i did, the main program(the caller, which invoke the program) will be encounter a fatal error and have to closed. I can open my unpacked exe file using OllyDbg now, but when i press F9 to run the program, OllyDbg will pause one time after one time, it says "Debugged program was unable to process exceptions".
I want to know, what's wrong with it? How to dump such a program's memory when it goes to its OEP?
Thanks
Regards,
![[+] expand](/imagery/files/soysauce_blueprint.gif){kind=link}