#1
Microsoft Visual C++ 5.0 [Overlay] ?
I'm interested in an app, but PEiD shows me Microsoft Visual C++ 5.0 [Overlay]. A quick analysis shows me that it is coded in FoxPro but no code is there. I know that it is packed, but Google doesn't show me anything about unpacking Microsoft Visual C++ 5.0 [Overlay].
Does somebody know how I can start?
#2
Er, PEiD shows Microsoft Visual C++ 5.0 [Overlay]. Maybe it's not a Microsoft Visual C++ 5.0 program, but something else. You can use OllyDbg to unpack it by hand.
Good luck.
#3
A few (new? modified?) packers are detected as Microsoft Visual C++.
If you play with old known packers in Olly, you get to know which packer it is without using PEiD...
#4
You could try "RDG Packer Detector".
#5
The best way to find out what you're dealing with here is to simply debug it. Have a look at it and see. I know this is vague, but honestly that's the best thing to do.
I see these protector scanner apps as useful guides to let you know what you're dealing with and not a definitive step for deciding what your next move should be. So when you get a result like [some normal compiler(overlay)] it's time to do some sleuthing for yourself. Good luck.
#6
Hello:
Try this scanner for packed .exe: http://download.copybase.ch/araysoft/Cb/ArayScanner2023.rar
Hope it helps!
Cheers
Nacho_dj
#7
ArayScanner....
Quote:
Not bad. But is it worthy here
__________________
{RES}
#8
How about checking the section names? Sometimes nameless packers are not detected by PEiD. And those packers usually use their own name for the packer's section by default. After getting the name and googling
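
The section-name check suggested in post #8, together with a measurement of the overlay (data stored in the file after the end of the last section), as an added example that is not part of the original thread. The sample file is constructed inline, and the section name `.mypack` and the function names are hypothetical.

```python
import struct

def pe_sections_and_overlay(data: bytes):
    """Return ([(name, raw_offset, raw_size)], end_of_sections, overlay_size)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # COFF header starts 4 bytes after the signature offset.
    (num_sections,) = struct.unpack_from("<H", data, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size  # section table follows the optional header
    sections, end_of_sections = [], 0
    for i in range(num_sections):
        name, _vsize, _vaddr, raw_size, raw_ptr = struct.unpack_from(
            "<8sIIII", data, table + 40 * i)
        sections.append((name.rstrip(b"\0").decode("latin-1"), raw_ptr, raw_size))
        if raw_size:
            end_of_sections = max(end_of_sections, raw_ptr + raw_size)
    # Anything past the last section's raw data is the overlay.
    return sections, end_of_sections, max(0, len(data) - end_of_sections)

def build_sample() -> bytes:
    """Constructed PE-like file (parse-only, not loadable): 2 sections + 16 extra bytes."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0x102)

    def sec(name, raw_ptr, raw_size):
        return struct.pack("<8sIIIIIIHHI", name, raw_size, 0x1000,
                           raw_size, raw_ptr, 0, 0, 0, 0, 0)

    headers = dos + coff + sec(b".text", 0x200, 0x200) + sec(b".mypack", 0x400, 0x200)
    return headers.ljust(0x200, b"\0") + b"\xCC" * 0x400 + b"D" * 16

if __name__ == "__main__":
    secs, end, overlay = pe_sections_and_overlay(build_sample())
    for name, ptr, size in secs:
        print(f"{name:<8} raw_offset=0x{ptr:X} raw_size=0x{size:X}")
    print(f"overlay starts at 0x{end:X}, {overlay} bytes")
```

An Authenticode signature is also stored after the last section, so on a signed file this simple measurement counts it as overlay.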