#1
How to repair UPX dump?
I am trying to learn unpacking and repairing.
It looks like I can't repair some of the imports after creating a simple UPX unpack-me. (I first thought this was a problem of the other target I'm looking at, but it looks like it's a normal problem.) Usually I use the UPX unpack feature and then repair this with Scylla by attaching to the running process. But then there are imports I can't repair that way, as they remain suspect/invalid, and also the dump does not run. Any ideas what could have been wrong? Let me see if I can later post a sample with pictures of the problem.
#2
UPX does not keep the original import table; it reconstructs a non-standard import table on compressing, so you should write a program to rebuild it.
#3
Use CFF Explorer to unpack.
Maybe it is a fake UPX that masks a VMProtect.
__________________
Decode and Conquer
#4
Looking at this for fun: https://www.bvckup2.com/download
It unpacks fine, but I can't repair the import table. CFF Explorer produces an exe, which prompts Windows to show the message that the resulting exe is not for this PC.
#5
"upx -d --strip-relocs=0 bvckup2.exe" or use a devel build, this issue was fixed meanwhile
#6
This worked finally.
Wondering if 3.95 had the same problem? One way to find out: downgrading.
#7
Pretty sure the issue will still be in 3.95. You can read about the bug here, related to using upx.exe to decompress ASLR binaries: https://github.com/upx/upx/issues/359
But it sounds like you were trying to manually unpack it, so I'm not really sure...
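
Added example, not part of any post in this thread: a header check for the fields that the `--strip-relocs=0` option from post #5 and the ASLR issue linked in post #7 concern, namely the relocations-stripped flag, the ASLR opt-in flag and the base relocation directory. The `aslr_without_relocs` heuristic, the helper names and the two sample headers are assumptions constructed for illustration.

```python
import struct

IMAGE_FILE_RELOCS_STRIPPED = 0x0001             # COFF Characteristics bit
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040  # ASLR opt-in bit
DIR_BASERELOC = 5                               # data directory index
DIRS_OFFSET = {0x10B: 96, 0x20B: 112}           # PE32 / PE32+ optional header

def reloc_state(image: bytes) -> dict:
    """Report the relocation and ASLR header fields of a PE image."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    (characteristics,) = struct.unpack_from("<H", image, pe_off + 22)
    opt = pe_off + 24                           # start of optional header
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic not in DIRS_OFFSET:
        raise ValueError("unknown optional header magic")
    dirs = opt + DIRS_OFFSET[magic]
    (dll_chars,) = struct.unpack_from("<H", image, opt + 70)
    (n_dirs,) = struct.unpack_from("<I", image, dirs - 4)
    reloc_size = 0
    if n_dirs > DIR_BASERELOC:
        _, reloc_size = struct.unpack_from("<II", image, dirs + 8 * DIR_BASERELOC)
    stripped = bool(characteristics & IMAGE_FILE_RELOCS_STRIPPED)
    dynamic = bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE)
    return {"relocs_stripped": stripped, "dynamic_base": dynamic,
            "reloc_dir_size": reloc_size,
            # Triage heuristic (assumption): ASLR opt-in with no relocation data
            "aslr_without_relocs": dynamic and (stripped or reloc_size == 0)}

def sample_pe32(characteristics: int, dll_chars: int, reloc_size: int) -> bytes:
    """Constructed header-only PE32 image for the demo, not a real program."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, characteristics)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)       # PE32 magic
    struct.pack_into("<H", opt, 70, dll_chars)
    struct.pack_into("<I", opt, 92, 16)         # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * DIR_BASERELOC,
                     0x5000 if reloc_size else 0, reloc_size)
    return dos + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    print("kept:    ", reloc_state(sample_pe32(0x0102, 0x8140, 0x200)))
    print("stripped:", reloc_state(sample_pe32(0x0103, 0x8140, 0)))
```

To compare two decompressed outputs, pass each file's bytes to `reloc_state` and diff the returned dictionaries.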