IAT built at runtime Dlls loaded by loader one api entry per dll left
Transfer Command
61 POPAD
E9 [4Bytes] JMP [offset]
Entry Point Signature
60 PUSHAD
BE [4 Bytes] MOV ESI[Value]
8DBE [4 bytes] LEA EDI, DWORD PTR DS:[ESI+Value]
57 PUSH EDI
83CD FF OR EBP, FFFFFFFF
EB 10 JMP SHORT [Relative Jump]
90 NOP
90 NOP
90 NOP
90 NOP
90 NOP
90 NOP
Known Unpackers
http://www.mycgiserver.com/~bratalarm/ - Good generic unpacker
------------------------------------------------------
//OllyScript Oep finder by shag
// The amazing UPX OEP finder v2
// This script will quickly put you at the OEP of an UPX-packed EXE.
// Just run it!
// Implemented using hardware breakpoints (just for fun).
eob Break
findop eip, #61#
bphws $RESULT, "x"
run
Break:
sto
sto
bphwc $RESULT
ret
Error: You must be logged in to access the printer friendly view.
![[+] expand](/imagery/files/soysauce_blueprint.gif){kind=link}