PDA

View Full Version : Unpacking UPX


mahdi
October 18th, 2013, 15:24
hello everyone ..

i have a exe file that it packed via UPX ..
but i think its modified some after packing with UPX ..
i know about "-d" switch in upx packed for unpack it ..
i used it.. after unpacking i catching a message box on start of application that says "Range check error."

i think the unpacked file MUST be same as packed file on running .. do u think so ?!?

then i tried manual unpacking..
i saw this tutorial (http://www.youtube.com/watch?v=42bgdnCvQMI)..
it use PUSHAD & POPAD technique.. i've done it and finaly i made a 600KB dumped file !
when i tried unpacking with upx itself , i got 2.96mb file !

again i was unsuccessful

can anyone say any tips for me ?

mahdi
October 20th, 2013, 15:58
Here U R..
this is my file

http://5.56.134.17/pg.rar

please help me

R33N
October 21st, 2013, 18:12
C:\>upx -d pg400404.exe
Ultimate Packer for eXecutables
Copyright (C) 1996 - 2013
UPX 3.91w Markus Oberhumer, Laszlo Molnar & John Reiser Sep 30th 2013

File size Ratio Format Name
-------------------- ------ ----------- -----------
3117088 <- 2827296 90.70% win32/pe pg400404.exe

Unpacked 1 file.


Worked fine for me. Sure you are using newest version of UPX?

String section of UPX before with version:
This program must be run under Win32
UPX0
UPX1
.rsrc
3.04
UPX!
Boolean
True
Char?
Integer
M3w/
ByWl'Word

String section with UPX removed:
This program must be run under Win32
.text
`.itext
`.data
.bss
.idata
.tls
.rdata
@.reloc
B.rsrc
Boolean
False
True

mahdi
October 22nd, 2013, 06:00
tnQ for your reply

i gave this result too..but run the application..
you'll see error "Range error check."..are u ?

but when u run packed application , it will runed completly..
u dont know why ?

is it releated to RLpack? :-?