CiN1 Team - Cracking Is Number 1  

Cracking Is Number 1

Go Back   CiN1 Team - Cracking Is Number 1 >
~~ Learning Cracking ~~
> Free Talk About Cracking > UnPackMe's

Nội qui diễn đn - Forum Rules Must Read

Search kỹ trước khi post bi

Thread Tools Display Modes
Old 21-10-2016, 06:26 PM   #1
User Profile

CINOneLover's Avatar
Join Date: Fri Oct 2016
Posts: 1

Cấp bậc: 1 [cin1teamcin1teamcin1teamcin1teamcin1teamcin1team]
Sức sống: 0 / 0
Hoạt động: 0 / 0
Kinh nghiệm: 0%

Thanks: 0
Thanked 1 Time in 1 Post
Default Mpress x64 2.19 UnpackMe

Hi Guys,

im a newbie and want to learn a lot, but now i have a problem to unpack
an mpress x64 2.19 compressed file. As beginner i followed the instructions
and read/watched some unpacking/learning videos/pdfs.

First i started with PeID, ExeInfo and Protection ID to get some information.
Protection ID said that the file (.dll) was with mpress x64 2.19 compressed.
I proofed some known entries with OllyDBG, Hexeditor and other tools.
As beginner i found some structures and names "mpress" within the code.
So i thought Protection ID was right.

After that i started x64 dbg and run the target once.
I traced into it and set a hardware breakpoint on access at the rsp address.
Probably i found the real OEP and copied the address to the clipboard.
I started scylla, picked up the process/.dll, import the address, IAT Autosearch,
Get Imports (OEP was found, everything was okay), dumped the process and finally fixed
it with "Fix Dump".

After that i can load the .dll and read the clean ASM code.

The .dll is a VST Instrument and i want to proof if i have uncompressed correctly.
So i decided to load it up and proof my unpacking result within differents daws.
The problem now is, that the .dll is corrupted and wont work anymore.
Some daws want load correctly and some daws show up an error message
"C++ R6002 Floating point support not loaded".
Of course i followed other tutorials (mpress x64 unpacking), but nothing worked
with the special target. Other compressed programs were fine uncompressed by myself.

I proofed my beginner knowledge and tried other packed "unpackmes".
Everything works fine with other programs or .dlls. So i think there must be a problem
with the target. Maybe a special compression?

Is anyone able to unpack the attached unpackme (x64 .dll) correctly and
can run it with different DAWs (Digital Audio Workstation) without errors?
Can anybody explain what is the problem with the target/protection/compression?

Of course it is only for me and for educational/learning purpose to understand
the main functions and the whole compressing . In my view i think it is a special mpress thing. Maybe a pro can tell me more.

Thank you very much!

I want to be a team member and want to learn fast and much.


Attached file:
[Only registered and activated users can see links. ]

Last edited by Kjacky; 21-10-2016 at 10:26 PM.
  Reply With Quote
The Following User Says Thank You to CINOneLover For This Useful Post:

mpress, unpackme

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

All times are GMT +8. The time now is 08:39 PM.

Powered by vBulletin® Version 3.xx
Copyright ©2000 2017, Jelsoft Enterprises Ltd. Help
Licensed to: