BRAT in .data, .text....

AarzaK · #1 12-09-2004, 04:58 PM

Hi, sorry my question. I "unpacking" a .exe with upx, now says this BRAT in all sections.

How I can Solved this? now says BRAT

what is BRAT?

Sorry my English.

Regards.

CoDe_InSiDe · #2 12-10-2004, 05:54 AM

Hi AarzaK,

I believe BRAT is the author of the tool you used to unpack UPX

He puts his name in the sections because you used that unpacking tool

You can simply change the sections names in whatever you want.

Regards,

CoDe_InSiDe

AarzaK · #3 12-10-2004, 12:43 PM

HI CoDe_InSiDe;

Code:

Object table:



# *Name * VirtSize * * RVA * * *PhysSize *Phys off *Flags

__________________________________________________________________

01 UPX0 * 00133000 * 00001000 * 00000000 *00000400 E0000080 [UERW]

02 UPX1 * 000A3000 * 00134000 * 000A2A00 *00000400 E0000040 [IERW]

03 .rsrc *00002000 * 001D7000 * 00001C00 *000A2E00 C0000040 [IRW]







later, I use Unpacker (Upx)





examply no remember the REAL VirtSize,RVA,PhysSize,Phys off and *Flags.



# *Name * VirtSize * * RVA * * *PhysSize *Phys off *Flags

__________________________________________________________________

01 BRAT * 00000000 * 00000000 * 00000000 *00000000 00000000 [UERW]

02 BRAT * 00000000 * 00000000 * 00000000 *00000000 00000000 [IERW]

03 BRAT * 00000000 * 00000000 * 00000000 *00000000 00000000 [IRW]

and OllyDbg equal says:

"code encryted or compress ........bla,bla,bla"
and cannot open the .exe fine

this is my problem who I can solve this??

I no have Experience in compressed/packed/encripted .exe

Best Regards!

zyzygy · #4 12-10-2004, 01:31 PM

hi ,

you could use the unpacker in proc-dump or upx itself .i think the unpacker you are using seems to has goofed up with the exe.

zyzygy

AarzaK · #5 12-12-2004, 12:06 PM

Problem->Solved

I use the upx, c:upx -d programname.exe

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode