Exetools  

#1
07-31-2005, 16:02
s3ct0r
Microsoft Visual C++ 5.0 [Overlay] ?

I'm interested in an app, but PEiD shows me Microsoft Visual C++ 5.0 [Overlay]. A quick analysis shows me that it is coded in FoxPro but no code is there. I know that it is packed, but Google doesn't show me anything about unpacking Microsoft Visual C++ 5.0 [Overlay].

Does somebody know how I can start?

#2
08-01-2005, 09:19
Warren
Er, PEiD shows Microsoft Visual C++ 5.0 [Overlay]. Maybe it's not a Microsoft Visual C++ 5.0 program, but something else. You can use OllyDbg to unpack it by hand.

Good luck.

#3
08-01-2005, 17:27
dj-siba
A few -new? modified?- packers are detected as Microsoft Visual C++.
If you play with old, known packers in Olly, you get to know which packer it is without using PEiD...

#4
08-05-2005, 10:35
pluscontrol
You could try "RDG Packer Detector".

#5
08-05-2005, 14:43
bollygud
the best way to find out what you're dealing with here is to simply debug it. have a look at it and see. i know this is vague, but honestly that's the best thing to do.

i see these protector scanner apps as useful guides to let you know what you're dealing with and not a definitive step for deciding what your next move should be. so when you get a result like [some normal compiler(overlay)] it's time to do some sleuthing for yourself

good luck

#6
08-05-2005, 15:44
Nacho_dj
Hello:

Try this scanner for packed .exe:

http://download.copybase.ch/araysoft/Cb/ArayScanner2023.rar

Hope it helps!


Cheers

Nacho_dj

#7
08-06-2005, 04:01
codeX
ArayScanner....
Quote:

1.1) CD Scan:
---- -------
These protections can be detected using the "Scan" button in A-Ray Scanner V2

ActiveMARK
Bitpool
Cactus Data Shield 200
CD-Cops
CDLock
CDProtector
CodeLock
Copykiller
DiscGuard
LaserLock
LaserLock Marathon
ProtectCD
ProtectCD-VOB
SafeDisc
SafeDisc Lite
SecuROM Old
SecuROM New
SecuROM 2-7
Settec Alpha Rom
Smarte
Slovak Protector (SVKP)


1.2) Sector Scan:
---- -----------
These protections can be detected using the "Sector Scan" button in A-Ray Scanner V2
*Please note - Copy Protection version numbers CANNOT be detected with this method!*

CodeLock
DVDCrypt CSS/CPPM
Libcrypt (PSX)
Safedisc
Safedisc DVD
SecuROM
SecuROM DVD
Sysiphus
Tages
VCD/SVCD

1.3) Directory / Executable Scan:
---- ---------------------------
These protections can be detected using the "Scan Directory" button in A-Ray Scanner V2, or by dragging & dropping the executable file into the log window. If "Context Menu" is ticked in the options page you can also scan for these by right-clicking on a file and selecting "Scan with A-Ray Scanner".

3P-Lock
CD-Lock
CodeLock
JoWood Xprot
ProtectCD
ProtectCD-VOB
Safedisc
Safedisc Lite
SecuROM Old
SecuROM New
SecuROM 2-7
Smarte
Starforce
Slovak Protector (SVKP)

Not bad. But is it worthy here?
__________________
{RES}

#8
08-11-2005, 00:49
suddenLy
How about checking the section name? Sometimes nameless packers are not detected by PEiD. And those packers usually use their own name for the packer's section by default. After getting the name and googling
Reply With Quote
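
An added example, not part of the thread: a minimal static triage of the two things discussed above, the section names suddenLy suggests checking and the "[Overlay]" that PEiD reports (data appended after the last section's raw data). The sample image, the `.mypack` section name, and the function names are constructed for illustration.

```python
import struct

# Section names emitted by common compilers/linkers; anything else deserves a look.
STANDARD = {".text", ".data", ".rdata", ".rsrc", ".reloc", ".idata",
            ".edata", ".tls", ".bss", ".pdata", "CODE", "DATA", "BSS"}

def triage(pe: bytes) -> dict:
    """Return section names, non-standard names, and overlay size of a PE image."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)       # offset of "PE\0\0"
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    (nsect,) = struct.unpack_from("<H", pe, e_lfanew + 6)  # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", pe, e_lfanew + 20)  # SizeOfOptionalHeader
    table = e_lfanew + 24 + opt_size                       # first section header
    names, end_of_image = [], table + 40 * nsect
    for i in range(nsect):
        hdr = table + 40 * i
        names.append(pe[hdr:hdr + 8].rstrip(b"\0").decode("latin-1"))
        raw_size, raw_ptr = struct.unpack_from("<II", pe, hdr + 16)
        if raw_size:                                       # skip sections with no file data
            end_of_image = max(end_of_image, raw_ptr + raw_size)
    return {"sections": names,
            "unusual": [n for n in names if n not in STANDARD],
            "overlay_bytes": max(0, len(pe) - end_of_image)}

def build_sample() -> bytes:
    """Constructed minimal PE-like image: two sections plus 16 bytes of overlay."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0x102)
    def sect(name, ptr, size):
        # Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, rest zeroed
        return name.ljust(8, b"\0") + struct.pack("<IIII", size, 0x1000, size, ptr) + b"\0" * 16
    headers = dos + coff + sect(b".text", 0x200, 0x200) + sect(b".mypack", 0x400, 0x200)
    return headers.ljust(0x200, b"\0") + b"A" * 0x400 + b"OVERLAY-DATA-16B"

if __name__ == "__main__":
    print(triage(build_sample()))
```

A non-standard section name is a lead to research, and a non-zero overlay only says that extra data follows the mapped sections; installers and self-extracting archives have overlays too.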

All times are GMT +8.