unpacking upx packed and scrambled pe

i am facing problem with unpacking upx packed and scrambled pe .Is there any tool available?here is a attachment namely 'remote anything' and is also available at 'www.twd-industries.com/en/downloads.htm'. The problem is of unpacking "slave.exe" when we unpack in winXX then it works fine in win 98/Me but the same unpack exe fail to work in winxp/win200/winnt. when we unpack in winxp/win200/winnt it works ,the same unpack exe fail to work .kindly help. some antivirus can trigger on slave .exe

I havent tried it on your mentioned target but here is what I know

UPXUnpack by Bratalarm (unpacks most generic and scrambled upx packed files)

Good 'ole PROCDUMP .. Unpack.. UPX works OK too on scrambled.
Old but still kickin' "some" **** is "ProcDump".
It will always remain in my best \TOOLS\ folder

Quote:

ProcDump version 1.6 (C) G-RoM, Lorian & Stone in 1998, 1999, 2000

You can also do it yourself manually.

[deXep]

maybe u can unpack it by ollydbg manually
load the target and input "hr esp-4" in cmd bar.
press f9 until you stop at OEP...
rebuild imports by imprec then fix the dump file

[N0P]

use UPX ripper 1.3 By Zodiax to unpack (it works at your target) or rename sections to UPX0, UPX1 .... an leave .rsrc then use UPX recover plug-in from PE Tools to recover and use upx -d to unpack (tested on UPX scrambler) ... BOth methods leaves target almost 100% original as before packing ...

BtW> Sorry for my bad English Iam only human

where can i find UPX ripper 1.3 By Zodiax to unpack it. I have tried procdump and UPXUnpack by Bratalarm but with no success. is there any tutorial available for ollydbg

Hi. Have you tried using UPX.exe's -d option? I have successfully used the built-in feature to unpack many executables while cracking them; why utilise external tools where they are completely unnecessary? ProcDump is overkill, IMO.

If you have any problems, let me know.

-archaios

[N0P]

Quote:

Originally Posted by sss

where can i find UPX ripper 1.3 By Zodiax to unpack it. I have tried procdump and UPXUnpack by Bratalarm but with no success. is there any tutorial available for ollydbg

hxxp://wasm.ru/tools/6/upx-ripper.zip or try Google !!!

hey pals,,,

i am hung with a upx packed and modified pe ocx file....

how 2 unpack it successfully..????

i dumped the file successfully,,, using the dex method,,,

now how 2 fix the imports... using importrec, as it loads the loaddll.exe

and not the ocx..

after picking the ocx control, from pick dll,

it shows module selected, and the image base and other things,,

when i click on IAT . it shows that nothing found at this oep.

help needed

thanx

TDW {RES}

[TmC]

Unpacked sinply with PEiD

peid is not unpacking it.....

i m tryin 2 unpack osenxpsuite v10

thanx

TDW {RES}