I am learning how to pack and then unpack scripts with UPX and the C language. Here is my script which I pack:
It is quite simple, it just types the string "hello world" on the screen. Well, I pack it using the following commands:
```
gcc -m32 main.c -o main
upx main.exe -o main-upx.exe
```
And it all works fine for me, here is the output of DIE:
As you can see, here I get that the PE is packed with UPX (best option, but it does not matter).
The next thing which I do is open the packed file with x64dbg (x32 mode).
There I find the popad rule, and after some commands I reach the actual unpacked entry point of the application. Here it is:
I am sure that this is the actual entry point, because when I execute all the code which is below until it works fine, here is the result of execution:
Well, after that, when I have found the actual point from where the program runs, I try to create a dump of memory with the built-in application Scylla:
Steps which I do:
- Insert my new entry point in OEP, for me it is 005E14C0
- Secondly, I click the IAT Autosearch button
- Then I click Get imports
- The next step is dumping the memory with the selected settings, I click Dump and save the file as main-upx_dump.exe
- After all that, I just click the last button, which is Fix Dump, to fix the imports table and also save the file.
The next step which I do is running the .exe, and when I start it in cmd, the output which I receive is nothing, just an empty string, here it is:
I just cannot get what I am doing wrong. If you know what could go wrong, please write an answer, thanks a lot!
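Added example, not part of the original post: a small Python reader for the PE32 header fields of a dump such as main-upx_dump.exe, so the entry point, ASLR flag, import directory and section names written to the file can be compared with what was entered in Scylla (OEP 005E14C0). The function names are hypothetical, and the sample header and the module base 0x005E0000 are constructed values for the demo.

```python
import struct

DYNAMIC_BASE = 0x0040  # IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE (ASLR opt-in)

def pe32_summary(data: bytes) -> dict:
    """Return the PE32 header fields worth checking on an unpacked dump."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    pe, = struct.unpack_from("<I", data, 0x3C)            # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsect, = struct.unpack_from("<H", data, pe + 6)
    opt_size, = struct.unpack_from("<H", data, pe + 20)
    opt = pe + 24                                         # optional header start
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("not a PE32 (32-bit) image")
    sect = opt + opt_size                                 # first section header
    names = [data[sect + 40 * i:sect + 40 * i + 8].rstrip(b"\0").decode("ascii", "replace")
             for i in range(nsect)]
    return {
        "entry_rva": struct.unpack_from("<I", data, opt + 16)[0],
        "image_base": struct.unpack_from("<I", data, opt + 28)[0],
        "dynamic_base": bool(struct.unpack_from("<H", data, opt + 70)[0] & DYNAMIC_BASE),
        "import_dir": struct.unpack_from("<II", data, opt + 104),  # (RVA, size)
        "sections": names,
    }

def oep_matches(summary: dict, oep_va: int, module_base: int) -> bool:
    """Compare the stored entry point with the OEP address seen in the debugger.
    module_base is the address the image was loaded at in the debugged process."""
    return summary["entry_rva"] == oep_va - module_base

def constructed_sample() -> bytes:
    """Constructed minimal PE32 header (not a real dump), enough for the demo."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)    # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                 # PE32 magic
    struct.pack_into("<I", opt, 16, 0x14C0)               # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x00400000)           # ImageBase
    struct.pack_into("<H", opt, 70, DYNAMIC_BASE)         # DllCharacteristics
    struct.pack_into("<II", opt, 104, 0x6000, 0x28)       # import directory
    sections = b"".join(n.ljust(40, b"\0") for n in (b".text", b".idata"))
    return dos + b"PE\0\0" + coff + bytes(opt) + sections

if __name__ == "__main__":
    info = pe32_summary(constructed_sample())   # for a real file: open(path, "rb").read()
    print(info)
    # OEP from the post; 0x005E0000 is a constructed module base for the demo
    print("entry point matches OEP:", oep_matches(info, 0x005E14C0, 0x005E0000))
```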