ripping some data from upx packed file

Hi,

I`ve got upx packed file that contains some graphic and music module. It`s a keygenerator from vengenace group. I used procdump32 to dump keygen process from memory and now file is 10 times bigger than original and still works fine so I suppose that file is now unpacked and descrambled (maybe I`m wrong, I don`t know). Then I used DOS multi ripper 3.0 and I found these bitmaps inside. It also found mxm file (probably it`s a gus music module format) but file is to big and has many unwanted informations about dll calls inside so I`m sure that file is incorrect. So my question is...would it be possible to ripp manualy music played by keygen ?? I know that some people did such thing so can you give my some clues ? I`d be gratefull for every suggestion

Best regards
Peter

1. Open EXE in hex-editor (hiew, winhex etc) and try to find header signature (you may open existing BMP, or MXM and saw it) and dum it.
2. Disassemble EXE and find GDI, WindowsMedia or DirectX API entry and debug it in programm work.
Head and hand will help you.

[Unforgiv3N]

Try Heaven$oftware Resource Tunner, it have a good UPX Unpacker that also works with Modified UPX files!

and music file should be play with Winamp!

[Newbie_Cracker]

and mxm file (and other files)may be attached as overlay or may be in resource of exe file. You must find it's type to dump.

mxm is reduced size xm for mxm player, there is xm2mxm converter and viceversa, so fire up google and look for mxm2xm thats all