Exetools  

  #1  
Old 09-27-2004, 16:16
sss
unpacking upx packed and scrambled pe

I am facing a problem with unpacking a UPX packed and scrambled PE. Is there any tool available? Here is an attachment, namely 'remote anything', which is also available at 'www.twd-industries.com/en/downloads.htm'. The problem is unpacking "slave.exe": when we unpack in winXX it works fine in win 98/Me, but the same unpacked exe fails to work in winxp/win200/winnt. When we unpack in winxp/win200/winnt it works, the same unpacked exe fails to work. Kindly help. Some antivirus can trigger on slave.exe.
Attached Files
File Type: zip remote-trial.zip (527.2 KB, 35 views)
  #2  
Old 09-27-2004, 19:07
nullz
I haven't tried it on your mentioned target, but here is what I know:

UPXUnpack by Bratalarm (unpacks most generic and scrambled upx packed files)

Good 'ole PROCDUMP .. Unpack.. UPX works OK too on scrambled.
Old but still kickin' "some" **** is "ProcDump".
It will always remain in my best \TOOLS\ folder
Quote:
ProcDump version 1.6 (C) G-RoM, Lorian & Stone in 1998, 1999, 2000
You can also do it yourself manually.
  #3  
Old 09-28-2004, 09:44
deXep
Maybe you can unpack it manually with OllyDbg.
Load the target and input "hr esp-4" in the cmd bar.
Press F9 until you stop at the OEP...
Rebuild the imports with ImpREC, then fix the dump file.
  #4  
Old 09-28-2004, 10:33
N0P
Use UPX ripper 1.3 by Zodiax to unpack (it works on your target), or rename the sections to UPX0, UPX1 ... and leave .rsrc, then use the UPX recover plug-in from PE Tools to recover and use upx -d to unpack (tested on UPX scrambler). Both methods leave the target almost 100% original, as before packing.

BtW> Sorry for my bad English, I am only human
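A triage check related to the section renaming mentioned in post #4, as an added example that is not from the thread or from any tool named in it: it recognises a UPX-style section layout even when the sections are no longer called UPX0/UPX1. The heuristic (empty first section, entry point in the second, both writable and executable), the verdict strings and the header built by the hypothetical `build_sample` are assumptions of this example.

```python
import struct

WX = 0x80000000 | 0x20000000  # IMAGE_SCN_MEM_WRITE | IMAGE_SCN_MEM_EXECUTE

def sections(pe):
    """Return (entry_rva, [(name, vsize, vaddr, raw_size, flags), ...])."""
    if pe[:2] != b"MZ":
        raise ValueError("no MZ header")
    nt, = struct.unpack_from("<I", pe, 0x3C)
    if pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    nsec, = struct.unpack_from("<H", pe, nt + 6)
    opt_size, = struct.unpack_from("<H", pe, nt + 20)
    entry, = struct.unpack_from("<I", pe, nt + 24 + 16)
    table, out = nt + 24 + opt_size, []
    for i in range(nsec):
        name, vs, va, raw, flags = struct.unpack_from("<8sIII16xI", pe, table + 40 * i)
        out.append((name.rstrip(b"\0").decode("ascii", "replace"), vs, va, raw, flags))
    return entry, out

def classify(pe):
    """'upx', 'upx-renamed-sections' or 'not-upx', judged by layout, not names."""
    entry, secs = sections(pe)
    if len(secs) < 2:
        return "not-upx"
    (n0, vs0, _, raw0, f0), (n1, vs1, va1, _, f1) = secs[:2]
    layout = (raw0 == 0 and vs0 > 0          # empty section the stub unpacks into
              and va1 <= entry < va1 + vs1   # entry point in the second section
              and f0 & WX == WX and f1 & WX == WX)
    if not layout:
        return "not-upx"
    return "upx" if (n0, n1) == ("UPX0", "UPX1") else "upx-renamed-sections"

def build_sample(n0, n1, raw0=0):
    """Constructed header-only PE32 (sample data, not a real file)."""
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)       # PE32 magic
    struct.pack_into("<I", opt, 16, 0xC1F0)     # AddressOfEntryPoint
    rows = [(n0, 0x8000, 0x1000, raw0, 0xE0000080),
            (n1, 0x4000, 0x9000, 0x3600, 0xE0000040),
            (".rsrc", 0x1000, 0xD000, 0x800, 0xC0000040)]
    hdr = b"MZ" + b"\0" * 58 + struct.pack("<I", 64) + b"PE\0\0"
    hdr += struct.pack("<HHIIIHH", 0x14C, len(rows), 0, 0, 0, len(opt), 0x010F)
    secs = b"".join(struct.pack("<8sIII16xI", n.encode(), vs, va, raw, fl)
                    for n, vs, va, raw, fl in rows)
    return hdr + bytes(opt) + secs

if __name__ == "__main__":
    for names in (("UPX0", "UPX1"), ("code", "data")):
        print(names, "->", classify(build_sample(*names)))
```
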
  #5  
Old 09-28-2004, 13:37
sss
Where can I find UPX ripper 1.3 by Zodiax to unpack it? I have tried ProcDump and UPXUnpack by Bratalarm but with no success. Is there any tutorial available for OllyDbg?
  #6  
Old 09-28-2004, 17:02
archaios
UPX unpacking

Hi. Have you tried using UPX.exe's -d option? I have successfully used the built-in feature to unpack many executables while cracking them; why utilise external tools where they are completely unnecessary? ProcDump is overkill, IMO.

If you have any problems, let me know.

-archaios
  #7  
Old 09-28-2004, 19:59
N0P
Quote:
Originally Posted by sss
Where can I find UPX ripper 1.3 by Zodiax to unpack it? I have tried ProcDump and UPXUnpack by Bratalarm but with no success. Is there any tutorial available for OllyDbg?
hxxp://wasm.ru/tools/6/upx-ripper.zip or try Google !!!
  #8  
Old 07-09-2005, 04:18
The Day Walker!
Hey pals,

I am hung with a UPX packed and modified PE OCX file. How to unpack it successfully?

I dumped the file successfully, using the dex method. Now how to fix the imports using ImportREC, as it loads the loaddll.exe and not the OCX?

After picking the OCX control from Pick DLL, it shows module selected, and the image base and other things. When I click on IAT, it shows that nothing found at this OEP.

Help needed.

Thanx

TDW {RES}

Last edited by The Day Walker!; 07-09-2005 at 04:44.
  #9  
Old 07-10-2005, 07:49
TmC
Unpacked simply with PEiD
Attached Files
File Type: zip Slave.zip (108.4 KB, 16 views)
  #10  
Old 07-11-2005, 01:55
The Day Walker!
PEiD is not unpacking it.

I am trying to unpack osenxpsuite v10

thanx

TDW {RES}
All times are GMT +8.