This tutorial demonstrates, step by step, the process of unpacking, reversing and patching a program using OllyDbg. Several things are worth noting:
@To find the OEP (Original Entry Point) of the program, scroll down until you find the "POPAD" instruction, which pops values from the stack into the general-purpose registers. Soon after POPAD there is a jump instruction that takes us to the OEP. Set a breakpoint at POPAD using F2, then press F9 to load and execute the packed exe until it reaches the breakpoint. After that, we use OllyDump, an OllyDbg plugin shipped as a DLL file, to dump the active process to a PE file. So keep pressing F8 (run step by step) until execution takes the jump and reaches the OEP. Once there, use OllyDump to dump the original code: go to Plugins->OllyDump->Dump Debugged process.
@Press CTRL+F2 to reload the file.
@Press F7 to step into the function.
@Press the SPACE key to change the instruction content.
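A static cross-check for the POPAD-then-jump pattern described above, as an added example that is not part of the original tutorial: it scans raw section bytes for POPAD (0x61) followed closely by a JMP rel32 (0xE9) and computes the jump target, which is the candidate OEP to compare with the address reached in OllyDbg. The base address, the 32-byte window, the function names and the sample bytes are constructed assumptions.

```python
import struct

POPAD, JMP_REL32 = 0x61, 0xE9  # x86 opcodes: POPAD and JMP rel32


def find_oep_candidates(code, base_va, window=32):
    """Return (popad_va, jmp_va, target_va) for each POPAD that is followed,
    within `window` bytes, by a JMP rel32.

    This is a raw byte scan without disassembly, so 0x61 or 0xE9 inside an
    operand can produce false hits; confirm each one in the debugger.
    """
    hits = []
    for i, byte in enumerate(code):
        if byte != POPAD:
            continue
        # Leave room for the 4-byte displacement after the opcode.
        end = min(i + 1 + window, len(code) - 4)
        for j in range(i + 1, end):
            if code[j] == JMP_REL32:
                rel = struct.unpack_from("<i", code, j + 1)[0]  # signed rel32
                # Target is relative to the address of the next instruction.
                target = (base_va + j + 5 + rel) & 0xFFFFFFFF
                hits.append((base_va + i, base_va + j, target))
                break
    return hits


def build_sample(base_va=0x00407000, oep=0x00401000):
    """Constructed unpacking-stub tail: NOPs, POPAD, stack cleanup, JMP."""
    body = bytes.fromhex("9090" "61" "8d442480" "6a00" "39c4" "75fa" "83ec80")
    jmp_va = base_va + len(body)
    return body + b"\xe9" + struct.pack("<i", oep - (jmp_va + 5))


if __name__ == "__main__":
    for popad_va, jmp_va, target in find_oep_candidates(build_sample(), 0x00407000):
        print(f"POPAD at {popad_va:#010x}, JMP at {jmp_va:#010x}, "
              f"candidate OEP {target:#010x}")
```

A candidate that matches the address where F8 single-stepping lands after the jump confirms the dump point.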