ObsidiumUnpacker by winndy
This post was last edited by winndy on 2009-11-28 20:43
http://www.unpack.cn/viewthread.php?tid=42938
ObsidiumUnpacker
winndy
CNwinndy@hotmail.com
The unpacker is not fully tested. For any bugs or feedback, please contact me.
Use at your own risk!
1 Usage
Long option           Short option   Comment
--unpack              -f             The full path name of the target.
--injectdll           -i             The full path name of the DLL to be injected when stopped at OEP.
--funcname            -n             The name of the function to call in the injected DLL. The default name is DoJob.
                                     Prototype: int DoJob(void* pData)
                                     pData points to a structure.
                                     The first DWORD is the ImageBase of the target.
                                     The second DWORD is the ImageSize of the target.
                                     The third DWORD is the PID of the target.
--patch_registered                   Patch the SDK function ‘isRegistered’ to return true. Sometimes this will cause an error.
--DONT_PARSE_STOLEN                  Do not clear the junk code in the raw stolen code. If the unpacker hangs, try this option.
--BE_QUIET                           Don’t ask the user when unpacking is done.
--help                -h             Print usage.
SDK fix is not supported yet.
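The pData layout described for --funcname, decoded defensively so an analysis DLL can log where the unpacked image sits. This is an added example, not code from the unpacker or its author; the struct, its field names, the helper names, the sanity checks and the return codes are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* The three DWORDs the page documents for pData. Struct and field names are
   assumptions; uint32_t stands in for the Windows DWORD type. */
typedef struct {
    uint32_t image_base;   /* first DWORD: ImageBase of the target  */
    uint32_t image_size;   /* second DWORD: ImageSize of the target */
    uint32_t pid;          /* third DWORD: PID of the target        */
} oep_info;

/* Read one little-endian DWORD without assuming pData is aligned. */
static uint32_t le32(const unsigned char *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Decode and sanity-check the block. Returns 0, or a negative code. */
int read_oep_info(const void *pData, oep_info *out)
{
    const unsigned char *p = pData;
    if (p == NULL || out == NULL) return -1;
    out->image_base = le32(p);
    out->image_size = le32(p + 4);
    out->pid        = le32(p + 8);
    /* Windows maps images on 64 KiB boundaries. */
    if (out->image_base == 0 || (out->image_base & 0xFFFFu) != 0) return -2;
    /* The image must be non-empty and must not wrap the 32-bit space. */
    if (out->image_size == 0 ||
        out->image_size > UINT32_MAX - out->image_base) return -3;
    if (out->pid == 0) return -4;
    return 0;
}

/* Entry point with the default name and prototype from the page. The meaning
   of the return value is not documented; 0 for success is an assumption.
   A Windows build would also need to export this symbol from the DLL. */
int DoJob(void *pData)
{
    oep_info info;
    int rc = read_oep_info(pData, &info);
    if (rc != 0) return rc;
    fprintf(stderr, "pid=%u image=0x%08X size=0x%X\n", (unsigned)info.pid,
            (unsigned)info.image_base, (unsigned)info.image_size);
    return 0;
}
```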
2 Example
2.1 The simple example
ObsidiumUnpacker.exe --unpack=c:\testob.exe
Or ObsidiumUnpacker.exe -f c:\testob.exe
2.2 Use ObsidiumUnpacker as a loader, and inject a dll to crack it.
Or ObsidiumUnpacker.exe -f c:\obsidium.exe -i c:\InjectToObsidium.dll --patch_registered
This will load obsidium.exe and inject the DLL to crack it, and it will show “registered”. But this will probably cause an error. For Obsidium v1.3.6.4 it will cause an error.
If you have a customized function name, you can use it like this: