Jump to content
View in the app

A better way to browse. Learn more.
Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

[Unpack] PECompact v3.00.1

lolz2much
lolz2much
in UnPackMe

Featured Replies

Posted

Hello, here i share with you a packed file.

PECompact v3.00.1

1-Unpack it

2-(Optional) Enable button to show the hidden mesage.

Greetz.

PEC300.rar

    •
    • Like 1

    PEcompact 3.00.1 OEP Finder

            var temp
            var rsrc
            var imgb
            var oep        
    GMI eip, MODULEBASE 
    mov imgb, $RESULT
    find imgb, ".rsrc"
    mov temp, $RESULT
    add temp, C
    mov rsrc, [temp]                                 
    add rsrc, imgb
            find rsrc, #5A5E5F595B5DFFE0#  
            mov oep, $RESULT
            add oep,6
            bp oep
     run        
            sti           
    cmt eip, "OEP"
            ret
    • Author

    PEcompact 3.00.1 OEP Finder

            var temp
            var rsrc
            var imgb
            var oep        
    GMI eip, MODULEBASE 
    mov imgb, $RESULT
    find imgb, ".rsrc"
    mov temp, $RESULT
    add temp, C
    mov rsrc, [temp]                                 
    add rsrc, imgb
            find rsrc, #5A5E5F595B5DFFE0#  
            mov oep, $RESULT
            add oep,6
            bp oep
     run        
            sti           
    cmt eip, "OEP"
            ret

    :o Too easy?

    Edited by lolz2much

    PECompact isnt meant to be hard to unpack..... its a packer, not a protector.

    Basic ESP trick + import rebuild should usually sort it.

    • Author

    And could you say me what is the packer of "123.flt" (Is a dll) But PeID can't recognise it.

    Thanks.

    123.rar

    Have you tried the other detectors?

    Protection ID is your best bet.

    • Author

    I have tried with RDG Packer Detector v0.6.6 2k8.exe and it detects PECompact 2.x or 2.7. Anyway unpack dlls is very difficult for me, all dumped dlls then won't work. may be OEP: 10012A36

    • 2 years later...

    I know this is an ooooold topic, sorry for this, anyway, just playing with PECompact files I came across this post, so here is the 123 file rebuilt as a dll...

    ...and here is the revirgin module. All of this stuff will help for a new tut about completely reversing this packer. ;)

    Best regards

    Nacho_dj

    123Revirgin.rar

    123.rar

    •
    • Like 1
    • 3 months later...

    Borland Delphi 4.0cc_chinese.gifOEP=667DC

    Edited by Zhaobo

    • 2 years later...

    hi bro


     


    Unpacked File


    dump_.zip

    Edited by Pr0c3ss

    hi bro

     

    Unpacked File

    Glad you solved.

    ;)

    •
    • Haha 1

    Create an account or sign in to comment

    Go to topic listing

    Configure browser push notifications
    Chrome (Android)
    1. Tap the lock icon next to the address bar.
    2. Tap Permissions → Notifications.
    3. Adjust your preference.
    Chrome (Desktop)
    1. Click the padlock icon in the address bar.
    2. Select Site settings.
    3. Find Notifications and adjust your preference.