PDA

View Full Version : UPX unpacking


theeta
November 26th, 2001, 04:40
hi there....i was working on a worm(server file) that can be downloaded form http://subseven.slak.org.....the problem being that it's packed with UPX.....
i have UPX unpackers but they don't seem to work...( giving message that the file is hacked,broken and can not be unpacked)
any help???

DakienDX
November 26th, 2001, 12:44
Hello theeta !

UPX versions less than 1.00 can not be unpacked by UPX itself. You can use ProcDump for them.

Two more things:
1 - This is a RCE Messageboard (=Reverse Code Engineering) and not a Hacking Board.
2 - There should be an unpacked version of SubSeven available on the internet.

theeta
November 27th, 2001, 08:46
got it..
thnx...

theeta.

swissknife
November 27th, 2001, 21:00
You can also try file scanner.
This prog unpacks most of the older packers.

The process in not perfect. If you unpack a file packed with upx >1 with upx itself you get better results than unpacking with file scanner.

Also procdump runs a file to unpack it while i belive file scanner does not.

All best