Exetools  

Go Back   Exetools > General > General Discussion

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 09-07-2019, 01:47
rcer rcer is offline
Friend
 
Join Date: Dec 2008
Posts: 128
Rept. Given: 5
Rept. Rcvd 7 Times in 6 Posts
Thanks Given: 4
Thanks Rcvd at 14 Times in 14 Posts
rcer Reputation: 7
Finding which packer has been used

Hi,

I am trying to patch a flexlm.dll, from company slb, but the file has been packed, so the normal search routines don't work.
How can I find out which packer has been used?
Reply With Quote
  #2  
Old 09-07-2019, 06:27
atom0s's Avatar
atom0s atom0s is online now
Family
 
Join Date: Jan 2015
Location: 127.0.0.1
Posts: 245
Rept. Given: 24
Rept. Rcvd 101 Times in 47 Posts
Thanks Given: 42
Thanks Rcvd at 417 Times in 164 Posts
atom0s Reputation: 100-199 atom0s Reputation: 100-199
- DetectItEasy (DIE)
- ProtectionID
- PEiD (With custom signature database otherwise it's pretty trash now.)
- ExeinfoPE
- RDG Packer Detector

Etc. there are a lot of detector apps available to help determine things with ease. Otherwise you can manually investigate the file to look for common traits of popular packers.
__________________
Personal Projects Site: https://atom0s.com
Reply With Quote
The Following User Says Thank You to atom0s For This Useful Post:
niculaita (09-08-2019)
  #3  
Old 09-13-2019, 23:57
rcer rcer is offline
Friend
 
Join Date: Dec 2008
Posts: 128
Rept. Given: 5
Rept. Rcvd 7 Times in 6 Posts
Thanks Given: 4
Thanks Rcvd at 14 Times in 14 Posts
rcer Reputation: 7
O.K.
I tried all the tools you suggested but nonen of them detects the packer used.

PEID doesn't even recognize the dll file as a PE file, and I have no idea where to get the custom signature database file.
Reply With Quote
  #4  
Old 09-14-2019, 02:37
atom0s's Avatar
atom0s atom0s is online now
Family
 
Join Date: Jan 2015
Location: 127.0.0.1
Posts: 245
Rept. Given: 24
Rept. Rcvd 101 Times in 47 Posts
Thanks Given: 42
Thanks Rcvd at 417 Times in 164 Posts
atom0s Reputation: 100-199 atom0s Reputation: 100-199
Quote:
Originally Posted by rcer View Post
O.K.
I tried all the tools you suggested but nonen of them detects the packer used.

PEID doesn't even recognize the dll file as a PE file, and I have no idea where to get the custom signature database file.
PEiD wont recognize 64bit files. So don't bother finding the custom databases for it if that is the case. You could post the file here and have someone take a look for you though if you still have issues figuring it out though.
__________________
Personal Projects Site: https://atom0s.com
Reply With Quote
  #5  
Old 09-14-2019, 04:28
rcer rcer is offline
Friend
 
Join Date: Dec 2008
Posts: 128
Rept. Given: 5
Rept. Rcvd 7 Times in 6 Posts
Thanks Given: 4
Thanks Rcvd at 14 Times in 14 Posts
rcer Reputation: 7
O.K. I have uploaded the file.
Would be nice to get some hints about how to unpack this file
Attached Files
File Type: rar SlbLicenseC.rar (3.43 MB, 14 views)
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



All times are GMT +8. The time now is 12:33.


��ICP��05004977��
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX