Results 1 to 12 of 12

Thread: unpacking a dll

  1. #1
    zyzygy
    Guest

    unpacking a dll

    Hi guys,

    Could somebody tell me how to unpack a dll form any packer,general theory ?thanks
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    The FIRST thing to do is read the BIG RED LETTERS at the top of the Forums and then read the FAQ. That will tell you to search for answers BEFORE you post a question.

    Go to the search button at the top of the Forums and enter "unpack dll" (without the quotes) and read the many threads you will find with that search.

    Regards,
    JMI

  3. #3
    it works the same way as a executable... you can use a PE Editor to change characteristics that windows don't think it is a dll and then execute it or use ollydebug. i think it's better to change characteristics. then unpack as usual

  4. #4
    Registered User cRk's Avatar
    Join Date
    Apr 2003
    Location
    out of hell
    Posts
    152
    you can use a PE Editor to change characteristics that windows don't think it is a dll and then execute it

    exaclty which characteristics to change?? and what values to change for ?


  5. #5
    for DLLs, you have to subtract 2000 from characteristics to make windows think it is an executable.

    example:
    characteristic of DLL: 210E
    - 2000 = 010E

    windows will think it is an executable. of course it is only for unpacking. the dll itself won't run. after unpacking, change characteristics back or dll won't work

    @Crk
    characteristics in PE Header
    Last edited by MaRKuS-DJM; June 19th, 2004 at 09:14.

  6. #6
    zyzygy
    Guest
    thanks for the info will try it out

    could you tell me how to do it exactly ?thanks a million
    Last edited by zyzygy; June 19th, 2004 at 08:18.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  7. #7
    Winds of Change
    Join Date
    Feb 2004
    Location
    Reality, unlike some people
    Posts
    43
    Quote Originally Posted by MaRKuS-DJM
    for DLLs, you have to subtract 2000 from characteristics to make windows think it is an executable.

    example:
    characteristic of DLL: 210E
    - 2000 = 010E

    windows will think it is an executable. of course it is only for unpacking. the dll itself won't run. after unpacking, change characteristics back or dll won't work
    That's an excellent idea, never thought of that approach
    Regards,
    %UNDEFINED%

    "Without change one cannot evolve."

  8. #8
    Administrator dELTA's Avatar
    Join Date
    Oct 2000
    Location
    Ring -1
    Posts
    4,206
    Blog Entries
    5
    could you tell me how to do it exactly ?
    No.

  9. #9
    Or to elaberate on dELTA's, somewhat cryptic response, that's why the Diety inventy the internet. So that you could search the net and find information about things you don't know how to do. Why heck, you could even try SEARCHING for an answer HERE. There is a search button here, don't ya know???

    Using the words: "PE Editor change characteristics" (without the quotes) you should find some interesting reading about PE headers and at least a couple of kinds of "characteristics" one might change.

    These is also alot of information on the net about the PE file format you probably should become familiar with if you intend to actually learn how to unpack.

    Regards,
    JMI

  10. #10
    zyzygy
    Guest
    Ok thank you for the replies ,i will surely do that .
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  11. #11
    nice tips on the .dll > exe MarKUS

    can load dll in olly now

  12. #12
    Somtimes it is necessary to load the dll for unpacking without any changes,
    because of CRC selfchecking. For this approach I usualy do a small program
    with LoadLibrary() function inside, then a famous Spl/\js 'BPX ORD_0056+94'
    breakpoint under win98 will do a job (or "Break on new module" under Olly?).
    Neviens.

Similar Threads

  1. Need help in unpacking
    By siddhartha in forum Malware Analysis and Unpacking Forum
    Replies: 5
    Last Post: February 23rd, 2004, 01:36
  2. About ocx unpacking.
    By cnbroken in forum Malware Analysis and Unpacking Forum
    Replies: 2
    Last Post: September 28th, 2003, 12:21
  3. dll unpacking
    By w00tz in forum The Newbie Forum
    Replies: 3
    Last Post: June 16th, 2003, 18:19
  4. UPX unpacking
    By theeta in forum Advanced Reversing and Programming
    Replies: 3
    Last Post: November 27th, 2001, 21:00
  5. unpacking
    By Scally6 in forum Malware Analysis and Unpacking Forum
    Replies: 5
    Last Post: January 17th, 2001, 17:42

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •