Unpacking UPX
melvill
06-20-2003, 02:42 AM
Hi Guys,
I have read somewhere that it is possible to unpack a UPX file in a debugging session with OLLY. Is that correct? If yes, how?
rgds
Melvill
Anonymous
06-20-2003, 03:50 AM
Yes, it's correct. Just search for the famous signature bytes, breakpoint, run, dump. Job done.

Ricardo Narvaja
06-20-2003, 07:20 AM
The plugin ollydmp is useful, and has a tracer to help find the OEP to dump.
Ricardo
Anonymous
06-20-2003, 02:14 PM
Hello Ricardo
Can you write a tut about how to use ollydmp please?
regards
Ricrado Narvaja
06-20-2003, 03:54 PM
I write many tuts and I have a tut on how to unpack UPX with ollydmp, but it is not translated; it is in Spanish and for XP.
Ricardo
melvill
06-21-2003, 02:19 AM
Thanks guys
Ricardo, can you send this tut to me? I understand Spanish
melvill@crkportugal.com
Thanks
Anonymous
06-21-2003, 06:26 AM
loooool
And what about us?

I don't understand Spanish lng.

Anonymous
06-21-2003, 09:07 AM
Why do you need a tut for UPX? It's by far the easiest packer to unpack!
Anonymous
06-21-2003, 10:48 AM
I don't need a tut for UPX, I need a tut about how to use OllyDmp only.
Anonymous
06-21-2003, 11:11 AM
If you don't understand Spanish, use Babelfish.
Also, I find LordPE better than OllyDump.
Ricrado Narvaja
06-21-2003, 03:14 PM
LordPE is different from OLLYDMP.
If you dump with ollydmp and rebuild with lordpe, ollydmp tries to reconstruct the IAT; in 90% of UPX unpackings it rebuilds a perfect IAT. LordPE is a good dumper but does not rebuild the IAT; the dump runs only on your machine, if it runs, and you need to use IMPORT RECONSTRUCTOR or REVIRGIN. With OLLYDMP that is not necessary; it does all the work.
Ricardo
RobMad
06-22-2003, 08:56 AM
Ricardo Narvaja, can you send me the tut for unpacking UPX in Ollydbg?
PS: I can read Spanish well!
robmad@hotmail.com
Thanks!!!
Anonymous
06-24-2003, 08:21 PM
Yah send me too please :P
I understand Spanish TOO (babelfish even)
Thanks
TByteSoft@ntlworld.com
Anonymous
06-27-2003, 08:32 AM
http://www.geocities.com/r_etarded/ollydump.html
a tute to unpack with olly/ollydump for UPX/FSG
Anonymous
07-03-2003, 04:01 AM
Check out GuiPEX, a program that is made to both uncompress/compress programs. Works like a charm.
Anonymous
07-05-2003, 08:04 AM
I am a noob to unpacking. I followed the tutorial above and unpacked the exe.
But when I load the unpacked exe in Olly, Olly says that the Entry Point is outside the code as specified in the PE Header. So I can't set breakpoints very well. Is this OK? If not, how can I correct the PE Header in this example tutorial? Sorry for my bad English.

Thanks.
Change the flags of the section containing the real entry point to executable, and then ensure that the Baseofcode and Baseofdata pointers in the PE header are correct.
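The header fields named in the reply above can be inspected with a short script. This is an added example, not part of the original thread: it assumes the debugger's warning compares AddressOfEntryPoint with BaseOfCode/SizeOfCode, the function names are hypothetical, and the PE32 header values are constructed for the demonstration.

```python
import struct

IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_MEM_EXECUTE = 0x20000000

def check_entry_point(pe: bytes) -> dict:
    """Compare AddressOfEntryPoint with BaseOfCode/SizeOfCode and section flags."""
    if pe[:2] != b"MZ":
        raise ValueError("no MZ header")
    nt = struct.unpack_from("<I", pe, 0x3C)[0]                  # e_lfanew
    if pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    nsect, opt_size = struct.unpack_from("<H12xH", pe, nt + 6)  # COFF header
    opt = nt + 24                                               # optional header
    size_of_code, ep, base_of_code = struct.unpack_from("<I8xII", pe, opt + 4)
    report = {"entry_point": ep, "section": None, "section_executable": False,
              # Assumption: this range is what the debugger's warning compares.
              "in_code_range": base_of_code <= ep < base_of_code + size_of_code}
    for i in range(nsect):
        off = opt + opt_size + 40 * i                           # 40-byte section header
        name, vsize, va, rawsize = struct.unpack_from("<8sIII", pe, off)
        flags = struct.unpack_from("<I", pe, off + 36)[0]       # Characteristics
        if va <= ep < va + max(vsize, rawsize):
            report["section"] = name.rstrip(b"\0").decode("ascii", "replace")
            report["section_executable"] = bool(flags & IMAGE_SCN_MEM_EXECUTE)
    return report

def build_headers(ep, base_of_code, size_of_code, sections):
    """Constructed PE32 headers only (no section data), used as sample input."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0xE0, 0x102)
    opt = struct.pack("<HBBIIIIII", 0x10B, 0, 0, size_of_code, 0, 0,
                      ep, base_of_code, 0).ljust(0xE0, b"\0")
    table = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, va, vs, 0, 0, 0, 0, 0, fl)
                     for n, va, vs, fl in sections)
    return dos + b"PE\0\0" + coff + opt + table

# Constructed sample: entry point inside a section flagged as read/write data,
# while BaseOfCode/SizeOfCode still describe the second section.
DUMPED = build_headers(0x1234, 0x5000, 0x2000,
                       [(b"UPX0", 0x1000, 0x4000, 0xC0000080),
                        (b"UPX1", 0x5000, 0x2000, 0xE0000040)])
# Same headers after the fix from the reply: section executable, BaseOfCode moved.
FIXED = build_headers(0x1234, 0x1000, 0x4000,
                      [(b"UPX0", 0x1000, 0x4000, 0xC0000080 | IMAGE_SCN_CNT_CODE
                        | IMAGE_SCN_MEM_EXECUTE),
                       (b"UPX1", 0x5000, 0x2000, 0xE0000040)])

if __name__ == "__main__":
    print(check_entry_point(DUMPED), check_entry_point(FIXED), sep="\n")
```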
Ricrado Narvaja
07-05-2003, 02:51 PM
This is not trouble; in a packed program this message always appears, and in an unpacked program too. It is not important, don't worry and continue.
Ricardo