Web : http://mxb.cjb.net
Contact Me : [email protected] or [email protected]

Main | Index

Max Format 1.22b2

Type : Disk Format Utility
Protection : Packed
Tech : Memory Dump


Crack : Here nothing is done with import table of the program
so our work is simple like unpacking ASPack.

1 Go to the end point of the unpacker routine.
2 Use a memory dumper like PE-Editor to dump the entire process
to a file.
3 Find out the Original Entry Point [ OEP ] of the program.
4 Changed the entry point of the dumped file with PE-Editor.

Entry Point = OEP - Image Base

Note : If the program does not break at start point in symbol loader -
Change the FLAG of TEXT Section to = E0000020

End point of the unpacker routine is shown below :

0x4594F1 POPAD
0x4594F2 JNZ 0x4594FC
.....................
0x4594FC PUSH 0x443578 >> OEP
0x459501 RET >> DUMP HERE : USE 'JMP EIP' HERE TO
FORM A INFINITE LOOP AND COME OUT
OF SICE.THEN DUMP FULL PROCESS.THEN
OPEN DUMPEDFILE IN HEX EDITOR AND
CHANGE 'JMP EIP' TO 'RET'.

Change the entry point of the dumped program file.