Exetools  

  #1  
Old 09-23-2005, 00:20
Asus
PEiD and UPX

Hi,
I have an exe file that PEiD identifies as UPX 0.89.6 - 1.02 / 1.05 - 1.24 -> Markus & Laszlo, but when I try to use UPX 1.93 to unpack it, I get the result below:

Quote:
cmd> upx -d -f winkey.exe
Ultimate Packer for eXecutables
Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005
UPX 1.93 beta Markus F.X.J. Oberhumer & Laszlo Molnar Feb 7th 2005

File size Ratio Format Name
-------------------- ------ ----------- -----------
upx: packer.exe: CantUnpackException: file is modified/hacked/protected; take ca
re!!!

Unpacked 0 files.
Is it really modified, and how do I get the packer exactly?
  #2  
Old 09-23-2005, 01:31
Unforgiv3N
Maybe that is a scrambled UPX file, or it uses a faked UPX signature.
Try the Unpacker for UPX plugin for PEiD; in 80% of cases it will work.

Otherwise you should attach the file.
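An added example, not part of any post in this thread: a static triage check for the mismatch described above, where a signature scanner reports UPX but `upx -d` refuses the file. It assumes the markers a stock UPX build leaves in a PE (sections named UPX0 and UPX1, and the `UPX!` pack-header magic); the function names, the empty-first-section heuristic and the sample headers are constructed for illustration.

```python
import struct

UPX_MAGIC = b"UPX!"  # marker inside the pack header of a stock UPX build

def pe_sections(data):
    """Return [(name, raw_size)] parsed from a PE file's section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)         # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    (nsec,) = struct.unpack_from("<H", data, pe_off + 6)     # NumberOfSections
    (opt,) = struct.unpack_from("<H", data, pe_off + 20)     # SizeOfOptionalHeader
    table = pe_off + 24 + opt
    secs = []
    for off in range(table, table + 40 * nsec, 40):
        name = data[off:off + 8].rstrip(b"\0").decode("latin-1")
        (raw_size,) = struct.unpack_from("<I", data, off + 16)  # SizeOfRawData
        secs.append((name, raw_size))
    return secs

def upx_triage(data):
    """Classify a PE as 'stock', 'altered' or 'no-markers' with respect to UPX."""
    secs = pe_sections(data)
    names = [n for n, _ in secs]
    named = "UPX0" in names and "UPX1" in names
    magic = UPX_MAGIC in data
    # Heuristic (assumption): like UPX0, the first section holds no file data.
    empty_first = bool(secs) and secs[0][1] == 0
    if named and magic:
        return "stock"
    if named or magic or empty_first:
        return "altered"
    return "no-markers"

def build_sample(names, magic=UPX_MAGIC, first_raw=0):
    """Constructed PE headers only (not a runnable program), for the demo."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, 0, 0x102)
    secs = b"".join(
        struct.pack("<8sIIIIIIHHI", n.encode(), 0x1000, 0x1000 * (i + 1),
                    0x200 if i else first_raw, 0x400, 0, 0, 0, 0, 0xE0000020)
        for i, n in enumerate(names))
    return dos + b"PE\0\0" + coff + secs + magic + b"\0" * 32

if __name__ == "__main__":
    print(upx_triage(build_sample(["UPX0", "UPX1", ".rsrc"])))
    print(upx_triage(build_sample([".text", ".data", ".rsrc"], magic=b"XXXX")))
    print(upx_triage(build_sample([".text", ".data"], magic=b"XXXX", first_raw=0x200)))
```

An "altered" result on a file that a signature scanner calls UPX is consistent with the scrambled or faked-signature case, and such a sample should be handled as unknown packed code rather than trusted as plain UPX.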
  #3  
Old 09-23-2005, 01:37
TQN
With UPX, we can use PE Explorer. The UPX plugin of PE Explorer is great; it can unpack almost all UPX (scrambled, modified) files. Open your exe with PE Explorer and save it to a new exe. This way is the fastest.
  #4  
Old 09-23-2005, 03:28
WerEsT
 
Asus
Use Upx Ripper 1.3
http://www.hanzify.org/?Go=Show::List&ID=5441&Down=1&L=cn
or attach file.
  #5  
Old 09-23-2005, 04:16
pluscontrol
 
UPX is not a difficult packer; you can unpack it by hand with little effort, and there are a lot of tuts to guide you.
  #6  
Old 09-23-2005, 05:00
Darus
 
And there are some scripts for OllyDbg.
  #7  
Old 09-23-2005, 19:38
Asus
Thanks to all who replied and gave me ideas! I used PEiD to unpack it and it seemed to succeed, but when I run that file, I get a box with:

Application Error
----------------------
The application failed to initialize properly (0xc0000005). Click on OK to terminate the application.

Any suggestion?

tnx.

Last edited by Asus; 09-23-2005 at 19:42.
  #8  
Old 09-23-2005, 21:10
taos
IAT rebuilding error; use ImpREC to fix it (get some tuts beforehand).
  #9  
Old 09-23-2005, 22:57
Asus
Thanks for your reply, taos. I will see what I can do ;-)
  #10  
Old 09-23-2005, 23:16
Newbie_Cracker
Asus, it's better to give us a download link to help better.
  #11  
Old 09-24-2005, 00:00
Asus
WASM seems to be down so I cannot get UPX-Ripper; could anyone attach it?
  #12  
Old 09-24-2005, 02:48
WerEsT
 
Quote:
Originally Posted by Asus
WASM seems to be down so I cannot get UPX-Ripper; could anyone attach it?
Asus
/ UPX-Ripper 1.3 in attach /
Attached Files
File Type: rar UPX-Ripper.rar (538.7 KB, 45 views)
  #13  
Old 09-24-2005, 02:57
Unforgiv3N
If it was packed by UPX, it will open in Heaven$oft Resource Tuner, and if you save the file it will be unpacked by Resource Tuner's embedded UPX plugin.

Try it also.
  #14  
Old 09-24-2005, 06:12
learner38
Heaven$oft Resource Tuner and PE Explorer are the same plugin
and working sooo nice.. tested by ME..
about ripper not working with all..
PE Explorer in our FTP..
thanks Unforgiv3N and TQN
  #15  
Old 09-24-2005, 07:18
Asus
Again, thanks to all the people who helped me ;-) But all of them failed to unpack the files I have on hand.

Last edited by Asus; 09-24-2005 at 21:47.
All times are GMT +8.