LCF-AT says unpack should be this

Source: Internet  Editor: 程序博客网  Time: 2024/05/22 00:21

So there is no quick way to unpack. So the versions differ. The only thing you have to do in your UnpackMe is to get the OEP | Find IAT start | Fix IAT with right API | Fix API Jump Table to IAT | Fix all calls to jump table. For this I wrote some different small scripts which can do these steps. Just trace into any call to the safe section; there you can see what happened.

Here are some quick, easy basic steps which you can try.

Push 0
----------------
call GMHA / EMU
Get API Name
Check API for hooking / CRCs
Write API or Emu API at Push 0 above = Push direct API or EMU API Address
Call API / Emu API

Maybe I'll write some unpack examples someday.

greetz

 

http://forum.tuts4you.com/topic/29726-unpack-safengine-protector-v2170/
