#1
|
|||
|
|||
Removing UPX protection? (compressed file)
Actually I opened the file in Exescope to view resources, and Exescope told me that the .exe was compressed. So I sniffed the .exe in PE Tools, an it told me that the protection was.
Is there a way to automatically uncompress/unprotect the file, or is it a manual job? The file in question is actually a patch installer, so it's purpose is to update other files. Thanks. Last edited by Rhodium; 08-31-2004 at 04:43. |
#2
|
|||
|
|||
edit. bah, lol
Last edited by Rhodium; 08-31-2004 at 04:43. |
#3
|
|||
|
|||
upx -d file1.exe
|
#4
|
|||
|
|||
Quote:
|
#5
|
|||
|
|||
Rhodium: Koncol is suggesting You use UPX as unpacker (switch -d does that). Then You'll know almost for sure if it is UPX'ed.
I haven't seen this file but: 1. The signatures sometimes are the same for various packers/protectors (just try to protect Your executable with ExeShield and scan with ANY scanner. You will always get: PeCompact(!)). So, it's possible that it can be badly recognized. 2. Sometimes unpackers doesn't work as thay should 3. Sometimes coders are modyfiyng specific structures just to fail automatic unpackers (and that's the most common for free packers, especially UPX). 4. Author could set another, own envelope, after first unpack. 5. Bla bla 6. ... Ok. I suggest You to dump the file from memory then rebuild everything. If someone is using UPX, there is 98% possibility it's a piece of cake. Just try dumping... Regards. |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Unpacking Aspack compressed file | trodas | General Discussion | 2 | 05-10-2009 08:23 |
Removing DiscGuard protection | ee45678 | General Discussion | 1 | 01-23-2005 07:02 |