Teddy Rogers Posted May 16, 2006 Posted May 16, 2006 UnPeCompact 2 version 1.0 + Source Code by Mad Mickael...Ted.Unpecomp2.zip 1
Hasl Posted May 16, 2006 Posted May 16, 2006 very nice tools ted i love it may be it's interesting section
soda Posted May 17, 2006 Posted May 17, 2006 Thanks Tedbut manually unpacking pecompact is very simple by ready your tut
ALiEN Posted May 17, 2006 Posted May 17, 2006 Yep unpacking pecompact is easy... but with this tool we can save time Thanks to MadMickael/FFF for coding it and Ted for posting it to us! ALiEN.
human Posted August 12, 2006 Posted August 12, 2006 (edited) well i coded based from my oepfind debug engine unpec2 in asm, but one problem that all those and even ollydump fail to dump. you wanna try target and findout why? try PECompact2.55 unpackme from snd(that pacman on screen). and tell me whats wrong:) i know whats wrong thats why i will change dump by imagesize to section by section dump. also to be true mad mickael ****ed up ordinals, so far i havent encountered any exe that uses it, due bug there code will crash. why? oplait: mov eax, CURRENTTHUNK test eax, 0x80000000 jne ordinal add eax, fmapview ordinal: MOV edx, FTHUNK add edx, fmapview mov ebx,[eax] //EBX == LA BONNE VALEUR can you see read from memory in eax? well ordinal is if most significant bit is set so 0x80000000 well but there will never be memory under address 0x8xxxxxxx why? due windows uses for programs 2GB space, but even there is no data to read. we can expand space to 3GB by boot params large address aware or something like that but also PE exe has to be compiled with that param. and from 0xC0000000 always is kernel. edit: ok here is my asm version of unpec2, whole code is mine, i just took places to break from mad mickael and optimized iat fixer, if on any file it will fail send it to me. this one can now also unpack pecompact 2.55 unpackme.(i tested all unpackme from 2.40 till 2.78a and they work and compress with upx so nothing wrong with them) why it failed before and fails for michael well its due header and 1st section most are after header so 401000 but here we have 410000 so 64kb not 4kb and rest 60kb is empty thats why we cant do readprocessmemory on whole imagesize due this area from 401000 till 410000 isnt allocated and api fails and dump is impossible, same is with ollydump, same bug. simple solution is to dump 4kb header but set in exe sizeofhader to 64kb and then copy from memory to dump section by section and now it works. enjoy my first unpacker:) unpec2.rar Edited August 12, 2006 by human 1
Loki Posted August 14, 2006 Posted August 14, 2006 Nice work human. Thanks for including the source... will have a read of that later.
Guest nofrillz Posted July 10, 2007 Posted July 10, 2007 Thanks heaps ted, I know this is old but it seems there is a new worm using this packer?! that I didn't have time to unpack manually.
glaufan Posted May 29, 2008 Posted May 29, 2008 UnPeCompact 2 version 1.0 + Source Code by Mad Mickael...Ted.thanks! very useful =D
Nitrocica Posted June 8, 2008 Posted June 8, 2008 UnPeCompact 2 version 1.0 + Source Code by Mad Mickael...Ted. THX!!! Very useful!
sukpuk Posted February 17, 2009 Posted February 17, 2009 Hi You guys are genious. I have tried the unpackers and they worked well on on of my file BUT the problem is that I can not see any Menu and dialong items in Resources and i get a message that Exe is still compressed However I can see the Icons now which were compressed before. Sobasically Unpackers have onl unpacked Icons in the exe... Any Idea. I am a newbie and am learning so am very confused... Do any one of you have any new UNPECompact version that can do the job on new versions. Thanks to all.
nickpalingcool Posted February 17, 2009 Posted February 17, 2009 Hi You guys are genious. I have tried the unpackers and they worked well on on of my file BUT the problem is that I can not see any Menu and dialong items in Resources and i get a message that Exe is still compressed However I can see the Icons now which were compressed before. Sobasically Unpackers have onl unpacked Icons in the exe... Any Idea. I am a newbie and am learning so am very confused... Do any one of you have any new UNPECompact version that can do the job on new versions. Thanks to all. thats because the compiled unpacker is packed by UPX, you need to unpack it first before open it in resource editor to work. its not because we are genius, u need learn to know something, and we are here for learn and share the knowledge.
sukpuk Posted February 17, 2009 Posted February 17, 2009 Hi You guys are genious. I have tried the unpackers and they worked well on on of my file BUT the problem is that I can not see any Menu and dialong items in Resources and i get a message that Exe is still compressed However I can see the Icons now which were compressed before. Sobasically Unpackers have onl unpacked Icons in the exe... Any Idea. I am a newbie and am learning so am very confused... Do any one of you have any new UNPECompact version that can do the job on new versions. Thanks to all. thats because the compiled unpacker is packed by UPX, you need to unpack it first before open it in resource editor to work. its not because we are genius, u need learn to know something, and we are here for learn and share the knowledge. Thanks for quick reply and advise. Did you mean that the EXE i want to uppack is compressed with UPX first and then recompressed with Pecompact ? When I check my Exe with "exeinfope" it tells me that it is packed with " PEcompact ver.2.78a ~2.94 - www.bitsum.com " I will appreciate your comments please. Please guide me how should I unpack. Many Thanks
sukpuk Posted March 1, 2009 Posted March 1, 2009 Hi You guys are genious. I have tried the unpackers and they worked well on on of my file BUT the problem is that I can not see any Menu and dialong items in Resources and i get a message that Exe is still compressed However I can see the Icons now which were compressed before. Sobasically Unpackers have onl unpacked Icons in the exe... Any Idea. I am a newbie and am learning so am very confused... Do any one of you have any new UNPECompact version that can do the job on new versions. Thanks to all. thats because the compiled unpacker is packed by UPX, you need to unpack it first before open it in resource editor to work. its not because we are genius, u need learn to know something, and we are here for learn and share the knowledge. Thanks for quick reply and advise. Did you mean that the EXE i want to uppack is compressed with UPX first and then recompressed with Pecompact ? When I check my Exe with "exeinfope" it tells me that it is packed with " PEcompact ver.2.78a ~2.94 - www.bitsum.com " I will appreciate your comments please. Please guide me how should I unpack. Many Thanks Hi Guys I am still wating for some expert comments on my earlier request... Please reply Thanks.
sameer Posted March 5, 2009 Posted March 5, 2009 Hi , this is great tool thank you but I dont know if there is an easy way to fix the program after unpacking ,I did try it in PEcompact 2.x and the program dosnt work I get Run time error "floating point support not loaded"
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now