How to unpack TRAP 1.20 MainProg with GTR 1.B0 latest beta
==========================================================

(This is meant to be a little tutorial on how to use GTR. If you are
interested in another crypter to be unpacked, mail to hendrix_@gmx.net)

Hit these keys:     What they are for:
------------------------------------------------ - - - -

I) Load GTR, set it up and load a program:

GTR /go             Load GTR. It is resident now and watches everything.
[ESC]               GTR pops up ANY TIME when you press ESCape.
                    Have a look at the info-window!
[O]                 Go to the [O]ptions-menu
[-]                 Change the "sensitivity" when trying to detect an
                    unpacked program. Change it to [su0004]
[B]                 Toggle the [B]reakpoint (turn it on). The default
                    setting is CS:0100 - TRAP-main is a COM-file, so we
                    have to break at CS:0100
[X]                 e[X]it the options-menu
[C]                 [C]ontinue (go back to DOS)
PL TRAP.EXE         ProgramLoad means load the program and begin tracing
                    it. GTR will execute the program step by step
Unpacked?           Have a look at the current CS-segment. Compare it to
                    the PSP-segment (you find these values in the upper
                    left box). The CS=PSP+014C. Well, this is not the
                    original segment, but it's another protection-layer.
[O]                 Go to the Options-menu again
[-]                 Decrease the sensitivity again by 1 to [su0003]
[X]                 eXit the options-menu
[C]                 Continue unpacking
Unpacked?           It's still CS=PSP+014C and still not what we want...
[C]                 Continue unpacking
Unpacked?           Oh, yeah! It is CS=PSP! The program dump on the left
                    looks anything but unpacked, but let's save this!

II) Save an unpacked program

[S]                 [S]ave mem: the memory-dumper is activated. It runs in
                    DOS-mode, meaning we have to go back to DOS..
[C]                 Continue and let the dumper do its work
Helper quit         The dumper has finished. We are back at the old
Unpacked?           program (TRAP.EXE which turned out to be a COM :)
                    You will find the dump as OUT.COM on your disk.

III) Do silly things like watching TRAP decrypt itself

                    You see now the unprotected version of TRAP.
                    But let's watch TRAP decrypt itself:
[O]                 Go Options
[T]                 Toggle Tracer: you have to hit a key for each step
[D]                 Toggle Disass: we want to see what's the current op
[X]                 eXit options
[C]                 Continue
[anykey]            A keypress will cause GTR to execute the next
                    instruction
[STRG] / [CTRL]     This will cause the tracer to "run" while the key is
                    held down

IV) Set breakpoints to "step over" the decryption-loop

                    We don't want to hold down the key the whole time, so
                    let's set a breakpoint!
[ESC]               ESCape stops the tracer
[O]                 Yeah, you know now, the options-menu
[A]                 breakpointAddress: it is shown in yellow.
                    Enter "010F"+[enter].
[-]                 Set the sensitivity to su0000, so it will stop at the
                    breakpoint WITHOUT checking for an unpacked program
[D]                 Disass off...
[T]                 Tracer off...
[X]                 eXit options
[C]                 Continue
[F10] / [F11]       Scroll the memory-dump around
...                 Continue / Quit to DOS (means kill the task) /
                    eXit GTR ...

Hope you liked it,
Hendrix / UCF
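
The CS-versus-PSP check from part I, as an added example (not part of the original tutorial and not GTR's code): DOS starts a COM program at offset 0100 with CS equal to the PSP segment, so a stop at 0100 with CS above the PSP is still a layer. The PSP value and the names Stop, classify, first_original_entry and bytes_above_psp are assumptions made for this sketch, and every stop is assumed to be at offset 0100.

```python
# Added example: all segment values below are constructed, not GTR output.
from dataclasses import dataclass

COM_ENTRY_IP = 0x0100  # a COM image is loaded directly after the 256-byte PSP


@dataclass
class Stop:
    cs: int  # code segment shown in the info window at this stop
    ip: int  # instruction pointer at this stop


def linear(seg, off):
    """Real-mode physical address: segment * 16 + offset, wrapped to 20 bits."""
    return ((seg << 4) + off) & 0xFFFFF


def classify(psp, stop):
    """Label one stop the way the walkthrough reads CS against PSP."""
    if stop.ip != COM_ENTRY_IP:
        return "not at offset 0100"
    delta = (stop.cs - psp) & 0xFFFF  # segment arithmetic is 16-bit
    if delta == 0:
        return "CS=PSP: candidate original COM entry"
    return f"CS=PSP+{delta:04X}: still inside a protection layer"


def first_original_entry(psp, stops):
    """Index of the first stop at PSP:0100, or None if no stop qualifies."""
    for i, stop in enumerate(stops):
        if stop.ip == COM_ENTRY_IP and stop.cs == psp:
            return i
    return None


def bytes_above_psp(psp, stop):
    """Distance in bytes from the start of the PSP to the stop address."""
    return (linear(stop.cs, stop.ip) - linear(psp, 0)) & 0xFFFFF


PSP = 0x1A2B  # constructed PSP segment
# The three "Unpacked?" prompts of part I: two layer stops, then CS=PSP.
STOPS = [Stop(PSP + 0x014C, 0x0100), Stop(PSP + 0x014C, 0x0100), Stop(PSP, 0x0100)]

if __name__ == "__main__":
    for n, s in enumerate(STOPS, 1):
        print(n, f"{s.cs:04X}:{s.ip:04X}", classify(PSP, s), bytes_above_psp(PSP, s))
    print("dump at stop", first_original_entry(PSP, STOPS) + 1)
```

The third stop is the one worth dumping; the first two sit 15C0h bytes above the start of the PSP, outside where the COM image itself begins.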