 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
|
|
|
|
|
||||||||||
|
||||||||||||||
|
||||||||||||||
|
#1
11-21-2004, 12:33 PM
|
|||
|
|||
Unpacking a Microsoft Visual C++ 6.0 compiled file
I have a Microsoft Visual C++ 6.0 file (An Unreal Tournament Update) I want to unpack to get to the files inside it.
What tools do I need? Thanks for your help  This is the file. ftp://ftp.bluesnews.com/ut/UTPatch436.exe 
|
|
#2
11-21-2004, 10:47 PM
|
|||
|
|||
|
Installer fun
Hi.
The executable you linked to is a self-extracting Winzip archive. Having either Winzip or WinRAR installed (with shell extensions registered) you can right click on it and choose "extract to...". The installer/updater is possibly home brewn but if you look inside it you'll notice that none of its data is compressed. The executable itself is a generically built installer/updater that carries overlay data, past the .rsrc section. There is a table with file information starting at/near offset 0x01189D29. Actually, it might be offset 0x01189D27 (0x0347 entries). If you look at the individual entries you will begin to recognise a pattern. The first byte is the length of the target path of the file (including null terminator), relative to base path. Then comes the actual target path as a string, again relative to base path. Next after that is a dword with the raw offset of the source file inside the installer executable. Then there's a dword specifying the size of the file and following that there are five bytes of unknown purpose. Code:
OFFSET * * - SIZE * * * - TARGET 0x00008000 - 0x000059B3 - SystemManifest.ini 0x0000D9B3 - 0x0000026B - SystemManifest.int etc... Happy reversing! Regards, sna
|
Linear Mode
