Thread: Unpacker Detection

  1. #1
    Corpus
    Guest

    Unpacker Detection

    Hi,

    I have an application that I want to unpack, because if I open it with IDA I see a lot of "rubbish". Anyway, I was wondering how I can know with which packer a certain program is packed? Are there any tools to detect this? I am trying to use procdump to unpack, but when I choose unknown as unpacker it gives me an error message: Process isn't 32 bit or is already finished...

    thanks,

    Corpus
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    llAmElliK
    Guest

    RE-unpack

    In my opinion isn't Proc-dumper pick if don't know concrete compressor, find him by the help of Pe-Scan and then use unpacker, that is programme compression-after-mostly then you needn't edit PE header (isn't as a rule)

  3. #3
    *RemedY*
    Guest
    There are certain tools you can use to detect which packer a program is packed with. For instance, there are PEiD or Language2000. Try to google for "unpackers" and you will quickly come across a detector for packers like the two mentioned above.

    Greets *RemedY*

  4. #4
    llAmElliK
    Guest

    Re unpackers

    Yes, subscribe and Language 2000 advise!

  5. #5
    Although I've looked, I've not seen anything to suggest that Language 2000 has been updated since the year 2000. Assuming my research is correct, one of the other identifiers would probably be more up to date.

    Regards,
    JMI

  6. #6
    EJ12N
    Guest
    PEiD all the way

  7. #7
    llAmElliK
    Guest

    RE unpack

    These tool them to a flabby much (LordPE), but for beginner get past such, which him exclude from quantity "down-the-line" information.
    Btw PEiD, yes good.

  8. #8
    Corpus
    Guest
    Thanks for the quick replies,

    I am gonna check out that PeId tool u guys suggested.

  9. #9
    dev_zero
    Guest
    You can use file analyzer to find out which packer the exe-file is packed with. Or in some other case the compiler.

  10. #10
    llAmElliK
    Guest

    Any PE Header

    have some CME in which are neither described pe header (are two), is it scram and in the same way me nothing no-show wherewith. What about it? What advise tool (after-touch, that you classical fail).

    ThX **llAmElliK**

  11. #11
    dELTA
    Administrator
    Wtf, seems like eval has quite the worthy opponent here...
