PEiD and UPX

Asus · #1 09-23-2005, 00:20

Hi,
I have an exe file idents as UPX 0.89.6 - 1.02 / 1.05 - 1.24 -> Markus & Laszlo by PEiD, but when I try to use UPX 1.93 to unpack it, I got the below result:

Quote:

cmd> upx -d -f winkey.exe
Ultimate Packer for eXecutables
Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005
UPX 1.93 beta Markus F.X.J. Oberhumer & Laszlo Molnar Feb 7th 2005

File size Ratio Format Name
-------------------- ------ ----------- -----------
upx: packer.exe: CantUnpackException: file is modified/hacked/protected; take ca
re!!!

Unpacked 0 files.

Is it modified really and how do I get packer exactly?

Unforgiv3N · #2 09-23-2005, 01:31

Maybe That is Scrambled UPX File. or used Faked UPX Singature
Try Unpacker for UPX Plugins for PEiD in 80% of Cases it will work

otherwise you should attach the file

TQN · #3 09-23-2005, 01:37

With UPX, we can use PE Explorer. The UPX plugin of PE Explorer is great, it can unpack all most UPX (scramble, modified) file. Open your exe with PE Explorer and save to new exe. This way is fastest.

#4 09-23-2005, 03:28

Asus
Use Upx Ripper 1.3
http://www.hanzify.org/?Go=Show::List&ID=5441&Down=1&L=cn
or attach file.

pluscontrol · #5 09-23-2005, 04:16

upx is not a difficult packer, you can unpack it by hand with little effort and there are a lot of tuts to guide you

Darus · #6 09-23-2005, 05:00

and there are some scripts for ollydebug

Asus · #7 09-23-2005, 19:38

Thanks to all who replied and give me idea! But I used PEiD to unpack it, it seems successed, but when I run that file, I got the box with:

Application Error
----------------------
The application failed to initialize properly (0xc0000005). Click on OK to terminate the application.

Any suggestion?

tnx.

taos · #8 09-23-2005, 21:10

IAT rebuilding error, use IMPREC to fix it.(get some tuts before)

Asus · #9 09-23-2005, 22:57

Thanks for your reply - tao. I will see what I can do;-)

Newbie_Cracker · #10 09-23-2005, 23:16

Asus, it's better to give us a download link to help better.

Asus · #11 09-24-2005, 00:00

WASM seems down so I can not get UPX-Ripper, may anyone attach it?

#12 09-24-2005, 02:48

Quote:

Originally Posted by Asus

WASM seems down so I can not get UPX-Ripper, may anyone attach it?

Asus
/ UPX-Ripper 1.3 in attach /

Unforgiv3N · #13 09-24-2005, 02:57

if it was packed by UPX, it will open into Heaven$oft Resource Tuner and if you save the file it will Unpack with Resource Tuner Embedded UPX Plugins.

Try it also.

minawahib1 · #14 09-24-2005, 06:12

Heaven$oft Resource Tuner and PE Explorer is the same plugin
and working sooo nice.. tested by ME..
about ripper not working with all..
PE exploer in our FTP..
thanks Unforgi3n and TQN

Asus · #15 09-24-2005, 07:18

Again, thanks to all people who helped me;-) But all of them are failed to unpack files I had in my hand.

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
PEiD v0.95	apex	Software Release	3	05-18-2009 23:14
PEiD v0.94	James	Software Release	10	11-07-2005 13:00
PEiD v0.92	snaker	Software Release	10	03-23-2004 21:59
PEiD v0.91	snaker	Software Release	20	11-24-2003 22:16
PEiD v0.8	snaker	Software Release	17	08-12-2002 18:23