UnPeCompact 2 version 1.0 + Source Code by Mad Mickael...

Ted.

Unpecomp2.zip

very nice tools ted i love it may be it's interesting section

Thanks Ted, Works brilliantly.

Napalm

Thanks Ted

but manually unpacking pecompact is very simple by ready your tut

Yep unpacking pecompact is easy... but with this tool we can save time

Thanks to MadMickael/FFF for coding it and Ted for posting it to us!

ALiEN.

Teddy Rogers, thanks for this tool!

well i coded based from my oepfind debug engine unpec2 in asm, but one problem that all those and even ollydump fail to dump.

you wanna try target and findout why?

try PECompact2.55 unpackme from snd(that pacman on screen). and tell me whats wrong:)

i know whats wrong thats why i will change dump by imagesize to section by section dump.

also to be true mad mickael ****ed up ordinals, so far i havent encountered any exe that uses it, due bug there code will crash.

why?

oplait:

mov eax, CURRENTTHUNK

test eax, 0x80000000

jne ordinal

add eax, fmapview

ordinal:

MOV edx, FTHUNK

add edx, fmapview

mov ebx,[eax] //EBX == LA BONNE VALEUR

can you see read from memory in eax?

well ordinal is if most significant bit is set so 0x80000000

well but there will never be memory under address 0x8xxxxxxx

why?

due windows uses for programs 2GB space, but even there is no data to read.

we can expand space to 3GB by boot params large address aware or something like that but also PE exe has to be compiled with that param.

and from 0xC0000000 always is kernel.

edit:

ok here is my asm version of unpec2, whole code is mine, i just took places to break from mad mickael and optimized iat fixer, if on any file it will fail send it to me.

this one can now also unpack pecompact 2.55 unpackme.(i tested all unpackme from 2.40 till 2.78a and they work and compress with upx so nothing wrong with them)

why it failed before and fails for michael well its due header and 1st section most are after header so 401000

but here we have 410000 so 64kb not 4kb and rest 60kb is empty thats why we cant do readprocessmemory on whole imagesize due this area from 401000 till 410000 isnt allocated and api fails and dump is impossible, same is with ollydump, same bug. simple solution is to dump 4kb header but set in exe sizeofhader to 64kb and then copy from memory to dump section by section and now it works.

enjoy my first unpacker:)

unpec2.rar

Edited August 12, 200619 yr by human

Nice work human. Thanks for including the source... will have a read of that later.

Thanks heaps ted, I know this is old but it seems there is a new worm using this packer?! that I didn't have time to unpack manually.

Thanks

Thanks for the source, human.

Best regards,

T0ni

UnPeCompact 2 version 1.0 + Source Code by Mad Mickael...

Ted.

thanks! very useful =D

thx human and ted for source

UnPeCompact 2 version 1.0 + Source Code by Mad Mickael...

Ted.

THX!!! Very useful!

Hi

You guys are genious. I have tried the unpackers and they worked well on on of my file BUT the problem is

that I can not see any Menu and dialong items in Resources and i get a message that Exe is still compressed

However I can see the Icons now which were compressed before. Sobasically Unpackers have onl unpacked Icons in the exe...

Any Idea. I am a newbie and am learning so am very confused...

Do any one of you have any new UNPECompact version that can do the job on new versions.

Thanks to all.

Hi

You guys are genious. I have tried the unpackers and they worked well on on of my file BUT the problem is

that I can not see any Menu and dialong items in Resources and i get a message that Exe is still compressed

However I can see the Icons now which were compressed before. Sobasically Unpackers have onl unpacked Icons in the exe...

Any Idea. I am a newbie and am learning so am very confused...

Do any one of you have any new UNPECompact version that can do the job on new versions.

Thanks to all.

thats because the compiled unpacker is packed by UPX, you need to unpack it first before open it in resource editor to work. its not because we are genius, u need learn to know something, and we are here for learn and share the knowledge.

Hi

You guys are genious. I have tried the unpackers and they worked well on on of my file BUT the problem is

that I can not see any Menu and dialong items in Resources and i get a message that Exe is still compressed

However I can see the Icons now which were compressed before. Sobasically Unpackers have onl unpacked Icons in the exe...

Any Idea. I am a newbie and am learning so am very confused...

Do any one of you have any new UNPECompact version that can do the job on new versions.

Thanks to all.

thats because the compiled unpacker is packed by UPX, you need to unpack it first before open it in resource editor to work. its not because we are genius, u need learn to know something, and we are here for learn and share the knowledge.

Thanks for quick reply and advise.

Did you mean that the EXE i want to uppack is compressed with UPX first and then recompressed with Pecompact ?

When I check my Exe with "exeinfope" it tells me that it is packed with " PEcompact ver.2.78a ~2.94 - www.bitsum.com "

I will appreciate your comments please. Please guide me how should I unpack.

Many Thanks

Hi

You guys are genious. I have tried the unpackers and they worked well on on of my file BUT the problem is

that I can not see any Menu and dialong items in Resources and i get a message that Exe is still compressed

However I can see the Icons now which were compressed before. Sobasically Unpackers have onl unpacked Icons in the exe...

Any Idea. I am a newbie and am learning so am very confused...

Do any one of you have any new UNPECompact version that can do the job on new versions.

Thanks to all.

thats because the compiled unpacker is packed by UPX, you need to unpack it first before open it in resource editor to work. its not because we are genius, u need learn to know something, and we are here for learn and share the knowledge.

Thanks for quick reply and advise.

Did you mean that the EXE i want to uppack is compressed with UPX first and then recompressed with Pecompact ?

When I check my Exe with "exeinfope" it tells me that it is packed with " PEcompact ver.2.78a ~2.94 - www.bitsum.com "

I will appreciate your comments please. Please guide me how should I unpack.

Many Thanks

Hi Guys

I am still wating for some expert comments on my earlier request... Please reply

Thanks.

Hi , this is great tool thank you but I dont know if there is an easy way to fix the program after unpacking ,I did try it in PEcompact 2.x and the program dosnt work I get Run time error "floating point support not loaded"

Thanks for share!

Thx!

THX Ted;)

yea U are THE BEST.

Very nice tool. (: