retrokode
August 20th, 2007, 08:26
Hey folks!
Last week I was tried to analyze and break a protection of an application (written in Delphi, i saw in reshacker), since then i'm facing a problem
... I know the application is protected, all resources are packed, then i decied to analyze it with PeID, the problem: PeID simply doesnt recognize the packer, even the crypto algo, simply nothing! And the most weird thing is that how the Reshacker showed me that it seems to be a Delphi application, PEID showed that it seems to be and MSVC compiled exe!!!! That is confusing me...
Finally I found another PE analyzer, called PEPirate, and I opened the EXE with PEPirate and it showed that the EXE is packed with SDProtector Pro 1.16! That was a good thing I though because I found too a tool written by Loveboom to unpack SDProtector packed exe's! Another problem, the tool reported that application is not packed with SDProtector!!!!
My question is:
1. Is there some similarities between SDProtector and another pack signatures?
2. Why PEID recognize that is MSVC and the application seems to be a Delphi exe?
3. What it's the best way to try to unpack that exe if I even know what protection was used?
Thanks for the help. Regards!
Last week I was tried to analyze and break a protection of an application (written in Delphi, i saw in reshacker), since then i'm facing a problem

Finally I found another PE analyzer, called PEPirate, and I opened the EXE with PEPirate and it showed that the EXE is packed with SDProtector Pro 1.16! That was a good thing I though because I found too a tool written by Loveboom to unpack SDProtector packed exe's! Another problem, the tool reported that application is not packed with SDProtector!!!!
My question is:
1. Is there some similarities between SDProtector and another pack signatures?
2. Why PEID recognize that is MSVC and the application seems to be a Delphi exe?
3. What it's the best way to try to unpack that exe if I even know what protection was used?
Thanks for the help. Regards!