Exetools  

  #1  
Old 11-07-2004, 01:27
MaRKuS-DJM
packing-format

I'm trying to extract a setup file manually with my debugger.
This file creates a temporary file called com.dat; I analysed it and it is packed with the GZ format.
So I unpacked it with WinRAR and got a file called com.gz.out.

This file has no crypto or anything else, all files are in plain there, but I don't want to do that manually. The format in hex looks like this:

00E0010064626768656C702E646C6C00CDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCD

There are a lot more CD hex bytes.
The first part seems to be some type of descriptor, it's a dword.
Then there's the filename, a lot more CD bytes, and then the next descriptor and next filename, until it gets to the beginning of the files.

Does anyone know what format this is and how to decompress it?
  #2  
Old 11-08-2004, 18:13
ArC
I assume it's the TAR format, which can be unpacked by WinRAR as well.
TAR is often used along with GZ because with GZ you can only compress one file at a time, so first all the files you want to compress are put into an uncompressed tar, which is then compressed with gz.
  #3  
Old 11-11-2004, 00:27
MaRKuS-DJM
I thought the same at first, but it seems that if I rename it to tar, WinRAR can't read it. Maybe it's modified, maybe it's some other type...
  #4  
Old 11-11-2004, 01:55
Juca
 
Posts: n/a
You might try to post something here:

http://groups.google.com/groups?hl=en&lr=&group=comp.compression
  #5  
Old 11-11-2004, 03:05
ArC
Quote:
this file has no crypto or something else, all files are in plain there...
Well, if all files are in plaintext (as I understand from this statement), then it should be easy to write your own unpacker for this un-gz-ed file.
What you have described looks like a structure of the following format:
Code:
struct ungzfile
{
    unsigned long dwOffset;   // Offset of the file
    char szFilename[256];     // name of the file, maybe more than 256 bytes
};
So if you wanted to extract all files you just "read out" this structure and store all offsets in an array until you reach the offset of the first entry. Now that you know the offsets of the files you can extract them.
Reply With Quote
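The table walk described in post #5, as an added Python example that is not part of the original thread. It assumes a little-endian dword offset, a 256-byte name field, and that each file ends where the next one begins (the thread shows no size field); the function names and the sample archive are constructed for illustration.

```python
import struct
from pathlib import PureWindowsPath

NAME_LEN = 256  # assumed name-field width; the post notes it may be larger
RECORD = struct.Struct(f"<I{NAME_LEN}s")  # assumed little-endian dword + name

def parse_table(blob: bytes) -> list[tuple[str, int, int]]:
    """Return (name, offset, size) per entry; raise ValueError on a bad table."""
    found, pos, table_end = [], 0, None
    while table_end is None or pos < table_end:
        if pos + RECORD.size > len(blob):
            raise ValueError("table runs past end of data")
        offset, raw = RECORD.unpack_from(blob, pos)
        if table_end is None:
            table_end = offset  # first entry's offset is where the table stops
        if b"\0" not in raw:
            raise ValueError(f"unterminated name at {pos:#x}")
        stored = raw.split(b"\0", 1)[0].decode("ascii")
        # Keep only the last path component so a name cannot leave the output dir.
        name = PureWindowsPath(stored).name
        if name in ("", ".", ".."):
            raise ValueError(f"unusable name at {pos:#x}")
        if not table_end <= offset <= len(blob):
            raise ValueError(f"offset out of range at {pos:#x}")
        if found and offset < found[-1][1]:
            raise ValueError("offsets are not ascending")
        found.append((name, offset))
        pos += RECORD.size
    if pos != table_end:
        raise ValueError("table size is not a multiple of the record size")
    # Assumption: sizes are not stored, so each file ends where the next begins.
    ends = [off for _, off in found[1:]] + [len(blob)]
    return [(n, off, end - off) for (n, off), end in zip(found, ends)]

def extract(blob: bytes) -> dict[str, bytes]:
    """Slice every file out of the blob, keyed by sanitised name."""
    return {n: blob[off:off + size] for n, off, size in parse_table(blob)}

def build_sample() -> bytes:
    """Constructed archive: two files, names padded with 0xCD as in the dump."""
    files = [("dbghelp.dll", b"MZ-first"), ("..\\readme.txt", b"hello")]
    table, body = b"", b""
    for name, data in files:
        offset = RECORD.size * len(files) + len(body)
        field = (name.encode() + b"\0").ljust(NAME_LEN, b"\xcd")
        table, body = table + RECORD.pack(offset, field), body + data
    return table + body

if __name__ == "__main__":
    for name, data in extract(build_sample()).items():
        print(name, len(data))
```

If `parse_table` reports that the table size is not a multiple of the record size, the assumed `NAME_LEN` does not match the real file and needs adjusting before anything is extracted.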