#1
05-08-2005, 05:49 PM
orangutang
Member
Join Date: May 2005
Posts: 20

Try to unpack this:
http://www.geocities.com/superthingz/test.zip
If anyone can, tell me what program you used?

#2
05-09-2005, 02:06 AM
JohnWho
Junior Member
Join Date: May 2005
Posts: 4

Packed with UPX, EP looks like it's an old version of UPX!

I opened the file in HIEW and went to offset 27e1, which is EP; from there you can follow the code to the OEP jump at offset 2938. OEP is 4014BC.

I'm pretty sure there are unpackers available for this; otherwise unpack it manually, it's extremely easy with UPX! I'm not gonna run this file on my box, it looks very fishy :unsure:

JohnWho.
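
Added example (not part of the thread and not any poster's code): the static check described in the post above, reading the PE headers to map the entry point to a file offset and to see which section an address such as 4014BC falls in, without running the file. The header built by `build_sample` is constructed for illustration so that the entry point lands on file offset 0x27E1; its section values are assumptions, not the layout of the file posted in the thread.

```python
import struct

def pe_layout(data):
    """Parse PE32 headers; return (image_base, ep_rva, sections)."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    pe = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec, = struct.unpack_from("<H", data, pe + 6)        # NumberOfSections
    opt_size, = struct.unpack_from("<H", data, pe + 20)   # SizeOfOptionalHeader
    opt = pe + 24
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("not a PE32 optional header")
    ep_rva, = struct.unpack_from("<I", data, opt + 16)    # AddressOfEntryPoint
    image_base, = struct.unpack_from("<I", data, opt + 28)
    sections = []
    for i in range(nsec):
        name, vsize, vaddr, rsize, rptr = struct.unpack_from(
            "<8sIIII", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode("latin-1"), vaddr, vsize, rsize, rptr))
    return image_base, ep_rva, sections

def locate(rva, sections):
    """Return (section name, file offset), offset None if no raw bytes back the RVA."""
    for name, vaddr, vsize, rsize, rptr in sections:
        if vaddr <= rva < vaddr + max(vsize, rsize):
            off = rptr + rva - vaddr if rva - vaddr < rsize else None
            return name, off
    return None, None

def build_sample():
    """Constructed PE32 header with a UPX-style section layout (assumed values)."""
    hdr = bytearray(0x400)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x80)               # e_lfanew
    hdr[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<HH", hdr, 0x84, 0x14C, 3)          # i386, 3 sections
    struct.pack_into("<H", hdr, 0x94, 0xE0)               # SizeOfOptionalHeader
    struct.pack_into("<H", hdr, 0x98, 0x10B)              # PE32 magic
    struct.pack_into("<I", hdr, 0x98 + 16, 0x93E1)        # AddressOfEntryPoint
    struct.pack_into("<I", hdr, 0x98 + 28, 0x400000)      # ImageBase
    rows = [(b"UPX0", 0x6000, 0x1000, 0, 0x400),          # name, vsize, vaddr, rsize, rptr
            (b"UPX1", 0x3000, 0x7000, 0x2600, 0x400),
            (b".rsrc", 0x1000, 0xA000, 0x800, 0x2A00)]
    for i, row in enumerate(rows):
        struct.pack_into("<8sIIII", hdr, 0x98 + 0xE0 + 40 * i, *row)
    return bytes(hdr)
```

In this sample the entry point resolves to the second section while the first section has no raw data, so an address inside it has no file offset until the stub has unpacked into it at run time.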

#3
05-09-2005, 04:13 PM
sna
Administrator
Join Date: Jun 2003
Posts: 76

Elegant Ambrosia. Wha..?!

Could have preserved file alignment + included an original first thunk and bound to msvbvm60.dll to bring it even closer to the original but what the heck. Had to rebuild resource data entries to be able to truncate the file at 0x9000 and rid it of UPX code/data, bit of a pain. And dude, what's with the icon?

Unpacking it is easy, the hard part is restoring it to make the file look good. There are about a million "tutorials" on how to unpack UPX; do you need help with something in particular?

Regards, sna