Exetools


sss 09-27-2004 16:16

unpacking upx packed and scrambled pe
 
1 Attachment(s)
I am facing a problem with unpacking a UPX packed and scrambled PE. Is there any tool available? Here is an attachment, namely 'remote anything', which is also available at 'www.twd-industries.com/en/downloads.htm'. The problem is unpacking "slave.exe": when we unpack in winXX then it works fine in win 98/Me, but the same unpacked exe fails to work in winxp/win2000/winnt. When we unpack in winxp/win2000/winnt it works, the same unpacked exe fails to work. Kindly help. Some antivirus can trigger on slave.exe.

nullz 09-27-2004 19:07

I haven't tried it on your mentioned target, but here is what I know:

UPXUnpack by Bratalarm (unpacks most generic and scrambled upx packed files)

Good 'ole PROCDUMP .. Unpack.. UPX works OK too on scrambled.
Old but still kickin' "some" **** is "ProcDump".
It will always remain in my best \TOOLS\ folder :D
Quote:

ProcDump version 1.6 (C) G-RoM, Lorian & Stone in 1998, 1999, 2000
You can also do it yourself manually.

deXep 09-28-2004 09:44

maybe u can unpack it by ollydbg manually
load the target and input "hr esp-4" in cmd bar.
press f9 until you stop at OEP...
rebuild imports by imprec then fix the dump file

N0P 09-28-2004 10:33

Use UPX ripper 1.3 by Zodiax to unpack (it works on your target), or rename sections to UPX0, UPX1 .... and leave .rsrc, then use the UPX recover plug-in from PE Tools to recover and use upx -d to unpack (tested on UPX scrambler) ... Both methods leave the target almost 100% original, as before packing ...

BtW> Sorry for my bad English, I am only human ;)
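
The replies above depend on whether the scrambler changed the UPX0/UPX1 section names and the `UPX!` marker that `upx -d` looks for. As an added example (not part of the thread), this Python triage classifies a PE by its section layout rather than its names. The layout heuristics (empty first section, first two sections writable and executable, entry point in the second section) are assumptions about typical UPX output, the function names are hypothetical, and the sample image is constructed.

```python
import struct

EXEC, WRITE = 0x20000000, 0x80000000  # IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_WRITE

def parse_pe(data):
    """Return (entry point RVA, list of section dicts) from the PE headers."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe, = struct.unpack_from("<I", data, 0x3C)             # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec, opt_size = struct.unpack_from("<H12xH", data, pe + 6)  # section count, opt hdr size
    entry, = struct.unpack_from("<I", data, pe + 24 + 16)  # AddressOfEntryPoint
    sections = []
    for i in range(nsec):
        f = struct.unpack_from("<8sIIIIIIHHI", data, pe + 24 + opt_size + 40 * i)
        sections.append({"name": f[0].rstrip(b"\0").decode("latin-1"),
                         "vsize": f[1], "va": f[2], "rsize": f[3], "flags": f[9]})
    return entry, sections

def classify(data):
    """Return 'upx', 'upx-scrambled' or 'other', judged from layout, not names."""
    entry, s = parse_pe(data)
    if len(s) < 2:
        return "other"
    rwx = all(x["flags"] & EXEC and x["flags"] & WRITE for x in s[:2])
    empty_first = s[0]["rsize"] == 0 and s[0]["vsize"] > 0   # placeholder for unpacked code
    ep_in_second = s[1]["va"] <= entry < s[1]["va"] + s[1]["vsize"]
    if not (rwx and empty_first and ep_in_second):
        return "other"
    names_ok = [x["name"] for x in s[:2]] == ["UPX0", "UPX1"]
    return "upx" if names_ok and b"UPX!" in data else "upx-scrambled"

def build_sample(names, magic=b"UPX!", first_rsize=0):
    """Constructed header-only PE32 image (not a real binary) to exercise classify()."""
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)      # PE32 optional header magic
    struct.pack_into("<I", opt, 16, 0x9500)    # entry point RVA, inside section 2
    layout = [(0x8000, 0x1000, first_rsize, 0xE0000080),
              (0x3000, 0x9000, 0x2A00, 0xE0000040),
              (0x1000, 0xC000, 0x0400, 0xC0000040)]
    table = b"".join(struct.pack("<8sIIIIIIHHI", n.encode(), vs, va, rs, 0, 0, 0, 0, 0, fl)
                     for n, (vs, va, rs, fl) in zip(names, layout))
    coff = struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, len(opt), 0x10F)
    return (b"MZ" + b"\0" * 58 + struct.pack("<I", 64) + b"PE\0\0" + coff
            + bytes(opt) + table + magic)

if __name__ == "__main__":
    print(classify(build_sample(["code", "text", ".rsrc"], magic=b"\0" * 4)))
```

A result of `upx-scrambled` means the layout matches while the names or marker do not, which is the case where a plain `upx -d` is expected to refuse the file.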

sss 09-28-2004 13:37

Where can I find UPX ripper 1.3 by Zodiax to unpack it? I have tried procdump and UPXUnpack by Bratalarm but with no success. Is there any tutorial available for ollydbg?

archaios 09-28-2004 17:02

UPX unpacking
 
Hi. Have you tried using UPX.exe's -d option? I have successfully used the built-in feature to unpack many executables while cracking them; why utilise external tools where they are completely unnecessary? ProcDump is overkill, IMO.

If you have any problems, let me know.

-archaios

N0P 09-28-2004 19:59

Quote:

Originally Posted by sss
Where can I find UPX ripper 1.3 by Zodiax to unpack it? I have tried procdump and UPXUnpack by Bratalarm but with no success. Is there any tutorial available for ollydbg?

hxxp://wasm.ru/tools/6/upx-ripper.zip or try Google !!!

The Day Walker! 07-09-2005 04:18

hey pals,,,

i am hung with a upx packed and modified pe ocx file....

how 2 unpack it successfully..????

i dumped the file successfully,,, using the dex method,,,

now how 2 fix the imports... using importrec, as it loads the loaddll.exe

and not the ocx..

after picking the ocx control, from pick dll,

it shows module selected, and the image base and other things,,

when i click on IAT . it shows that nothing found at this oep.

help needed

thanx

TDW {RES}

TmC 07-10-2005 07:49

1 Attachment(s)
Unpacked simply with PEiD

The Day Walker! 07-11-2005 01:55

peid is not unpacking it.....

i m tryin 2 unpack osenxpsuite v10

thanx

TDW {RES}
