Unpacking Upolyx 0.

By: 3BR4H!M_Cid

Unpacking Upolyx 0.5

3BR4H!M_Cid -=| R3xXx4R|=Some thing about this Scrambler:

Upolyx is a upx scrambler that makes the manual unpacking it hard with
polymorphic method:
Tools Need:
Olly DBG, Olly Dump plug in, Lord Pe
Target: UnPackMe_uPolyX 0.5 "can downloaded at
http://www.tuts4you.com/index/UnPackMe/PE32bit/uPolyX%200.5.rar"

This Method is so simple and no problem for understanding it

Sorry for my English so sorry!
1-lets get started:
Fire up Peid and load the target on it (you must see this)

Ok you see that peid says us this app packed by upx and
scrambeled by Upolyx 0.5
Now fire up your olly Dbg and load the target on it (see this)

Unpacking Upolyx 0.5

By: 3BR4H!M_Cid

Ok!
Go down with mouse scroll until see the JMP at end up the loop
like this

Now set a break point (hit f2 on jmp) and push the F9 then hit the
F7
What happened? Ok. I told you that are no problem you just press
F7 (x2)
You must see this picture ok?

II

Unpacking Upolyx 0.5

By: 3BR4H!M_Cid

Hey! Where is the right code? For making it

Use this method:
Right click on code use Analyze analyze Code (you can use
Analyze it! Plug-in too)
Now you must see this pic:

Go down with mouse scroll until loop ends and you see this jmp

III

Unpacking Upolyx 0.5

By: 3BR4H!M_Cid

Now click on jmp and put a bp on it (with F2) this jump is go to

OEP
Ok now hit F9 and F7
Woooooooooooooooooow !!! We are on Oep

Now we must Dump It

Use olly dump plug-in and dump it:
Right click on code and choose Dump Debugged Process

IV

Unpacking Upolyx 0.5

By: 3BR4H!M_Cid

Only check the Oep is corrected and dump it

After dumping we must build IAT ok!
Fire up Import REConstructor and choose your file then hit IAT
Autoserch , Hit ok , and hit the get imports

Unpacking Upolyx 0.5

By: 3BR4H!M_Cid

You see some pointers are invalid

Fix theme by hit show invalid and, right click on the and choosing
Cut Tunks, now click on fix dump and choose our dumped file and
hit open!!(you can use my Upolyx for rebuilding IAT )
Now only it must be Rebuild:

Ok it's unpacked and Work

Thanks Teddy

Greets to:
Android, NewBie_cracker, Xatx, & (Unreal) | Joker, BrenaWolf,
Sub Z3Ro (Shabgard), AR Team, Great Snd Team, Rdgmax,
Teddy, Snaker And absolutely Soda & Black.BytE

3BR4H!M_Cid -=|R3xXx4R|=ebrahim_cid@yahoo.com
This Tutorial is to NOT BE Abused by ANYONE
The information in this TUTORIAL is for Educational PURPOSES ONLY.
The Application used in this Tutorial is copyrighted by the author.
All Logos, Files and names ARE copyrighted of the Authors and are in this tutorial for
Educational PURPOSES ONLY.

VI