Author | Post
bbdakraxor | 03.01.2005 21:29:08
Hey there! I'm new to EXE unpacking and I have some questions. How can you decide which executable packer the programmer used? Are there any general methods of unpacking executables that work for all (or at least most) executables?
(Edited by bbdakraxor on 03.01.2005 21:31:28)

unknown user | 04.01.2005 01:47:53
Each exe packer has a particular algorithm. Some people even invent their own; I know a few people who do on a regular basis. The only way to determine it is by signatures, much like a virus would have, or by analyzing the first few bytes. However, those can also be altered through polymorphic code and randomization crap, so technically there is no absolute way to determine the packer or cryptor. As for unpacking them, you can actually write your own apps to do so by loading them into memory and then dumping them to disk in a particular way; however, some even have protection against this. Hope that helps you.

bbdakraxor | 04.01.2005 14:18:39
How can I dump them? I found a program called ProcDump32 that should be able to do this, but the output EXE files can't be run because of some kind of initialization error.

unknown user | 04.01.2005 21:36:04
I found some very good OllyDbg tuts (sadly forgot the link). They suggested a very good tool to ... unpack

occasus | 05.01.2005 02:24:05
Perhaps these nice sites can help you:
http://unpack.cjb.net/
http://protools.cjb.net/ --> very good

chaosphere | 05.01.2005 08:24:57
There is also another very useful tool, it's called PEiD. It shows you with what algorithm a program is packed. greetz chaosphere

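A worked example of the two heuristics the thread mentions, byte signatures at the entry point (what "unknown user" describes and what PEiD automates) and per-section entropy as a packed-code indicator. This is added illustration, not code from the thread or from PEiD: the signature table, the "demo-packer" pattern and the PE32 sample are all constructed for the demo, and a real tool would carry a large signature database and also look at section names (UPX0/UPX1 here are the well-known names UPX uses) and the import table.

```python
import math
import struct
from collections import Counter
# Constructed demo signature, not PEiD's database: (label, pattern), None = wildcard byte.
SIGNATURES = [("demo-packer (constructed)", [0x60, 0xBE, None, None, None, None, 0x8D, 0xBE])]

def entropy(data):
    """Shannon entropy in bits per byte; compressed or encrypted data sits near 8."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def parse_pe(blob):
    """Return (entry point file offset, [(name, raw_off, raw_size), ...]) for a PE32 file."""
    pe = struct.unpack_from("<I", blob, 0x3C)[0]                       # e_lfanew
    if blob[:2] != b"MZ" or blob[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsect, _, _, _, opt_size = struct.unpack_from("<HIIIH", blob, pe + 6)
    opt = pe + 24                                                      # optional header
    entry_rva = struct.unpack_from("<I", blob, opt + 16)[0]            # AddressOfEntryPoint
    ep_off, sections = None, []
    for i in range(nsect):
        hdr = opt + opt_size + 40 * i                                  # section table entry
        name = blob[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, va, rawsize, rawoff = struct.unpack_from("<IIII", blob, hdr + 8)
        sections.append((name, rawoff, rawsize))
        if va <= entry_rva < va + max(vsize, rawsize):                 # RVA -> file offset
            ep_off = rawoff + (entry_rva - va)
    if ep_off is None:
        raise ValueError("entry point lies outside every section")
    return ep_off, sections

def identify(blob):
    """Signature hits at the entry point plus per-section entropy: the PEiD-style checks."""
    ep_off, sections = parse_pe(blob)
    hits = [label for label, pat in SIGNATURES
            if all(p is None or blob[ep_off + i] == p for i, p in enumerate(pat))]
    stats = [(name, round(entropy(blob[off:off + size]), 2)) for name, off, size in sections]
    return hits, stats

def build_sample():
    """Constructed PE32 skeleton: zero-filled UPX0, high-entropy UPX1 holding the demo stub."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)                 # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0x60, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * 14 + struct.pack("<I", 0x2010) + b"\0" * (0x60 - 20)
    sect = lambda n, va, sz, off: n.ljust(8, b"\0") + struct.pack("<IIII", sz, va, sz, off) + bytes(16)
    hdrs = sect(b"UPX0", 0x1000, 0x200, 0x200) + sect(b"UPX1", 0x2000, 0x200, 0x400)
    body = bytes((i * 73 + 41) % 256 for i in range(0x200))            # ~8 bits/byte filler
    stub = bytes([0x60, 0xBE, 0x00, 0x10, 0x40, 0x00, 0x8D, 0xBE])     # sits at RVA 0x2010
    upx1 = body[:0x10] + stub + body[0x18:]
    return (dos + coff + opt + hdrs).ljust(0x200, b"\0") + bytes(0x200) + upx1
```

Calling `identify(build_sample())` reports the demo signature hit and an entropy near 0 for UPX0 against near 8 for UPX1, which is the pattern a triage script flags as "probably packed" even when no signature matches.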
bbdakraxor | 05.01.2005 15:29:50
Lots of thanks! PEiD is really good.