Cannot find packer of exe


dikidera
April 19th, 2011, 06:47
I am strictly a newbie, but the reason I posted here is that I am dealing with a packer.

What did I try?

I tried using PEiD, Protection ID, PE Explorer from Heaven Tools and RDG, and they all said that either it wasn't packed or it was packed with an unknown packer.
I tried dumping the process, and while that did make the file larger and the exe still worked, it was still not unpacked.
I used the PackingStone plugin for PEiD and it said it wasn't packed, but when opening the file with Olly it said it was compressed.
PEiD's EP section and entropy checks only tell me that it is packed, but give no info on the packer (custom packer?).

I have seen the true unpacked version of this file and it gives no such error in Olly, meaning it was unpacked and therefore this one was packed.

So how do I find a packer which is unknown and whose signatures no tool has?

Aimless
April 25th, 2011, 01:28
Quote (originally posted by dikidera):
So how do I find a packer which is unknown and whose signatures no tool has?


So why do you need to know the packer?

You can do what the anti-virus guys do when they face an unknown packer: run it in a VM under IDA Pro (alternatively, check www.hexblog.com for Ilfak's entry on how to decrypt a virus using IDA Pro and IDC, though you'll have to go back months to get that entry).

Single-stepping in IDA Pro or Olly (not my favourite) should get you around the packer. No issues here.

And for starters, you can create a loader to patch the program (the loader creators by Diablo / Iczelion are good). THEN, when you have learnt enough, you can try to dump and fix the PE/imports/data/sections, and whatnot.

Of course, if you are planning to go the hardcore unpacking way, maybe crunchi.htm will be a good starting point (check out Woodmann's archive of the old Fravia site), or alternatively try searching for Tiga's video tutorial that shows you how to unpack using IDA Pro.

Have Phun
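The question mentions that PEiD's EP-section and entropy readouts say "packed" without naming a packer. What those readouts actually compute, and why they can never name an unknown packer, is shown by the following script, which is an added example and not code from this thread or from any of the tools named in it. It parses the section table of a PE file with nothing but the standard library, finds the section the entry point lands in, measures that section's Shannon entropy, and flags the structural signs that single-stepping through a packer stub usually confirms: an entry point outside the first section, and a section that is empty on disk but large in memory (the usual unpacking destination). The 7.0 bits/byte threshold, the section names and the two PE files built in memory are constructed for the demo; `assess()` works on the bytes of any real PE file as well.

```python
import math
import random
import struct

SECTION_HEADER = struct.Struct("<8sIIIIIIHHI")  # IMAGE_SECTION_HEADER, 40 bytes
FILE_ALIGNMENT = 0x200
PACKED_ENTROPY = 7.0  # assumed threshold; compressed/encrypted data sits near 8 bits/byte


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: ~8.0 for compressed or encrypted data, roughly 5-6.5 for x86 code."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def parse_pe(pe: bytes):
    """Return (AddressOfEntryPoint, section list) from the raw bytes of a PE file."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    file_hdr = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, file_hdr + 2)[0]
    opt_size = struct.unpack_from("<H", pe, file_hdr + 16)[0]
    opt_hdr = file_hdr + 20
    entry_rva = struct.unpack_from("<I", pe, opt_hdr + 16)[0]  # same offset in PE32 and PE32+
    sections = []
    for i in range(num_sections):
        off = opt_hdr + opt_size + i * SECTION_HEADER.size
        name, vsize, vaddr, raw_size, raw_ptr, *_ = SECTION_HEADER.unpack_from(pe, off)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"), "vsize": vsize,
                         "vaddr": vaddr, "raw": pe[raw_ptr:raw_ptr + raw_size]})
    return entry_rva, sections

def assess(pe: bytes) -> dict:
    """What a signature-less packer check comes down to: evidence of packing, not a packer name."""
    entry_rva, sections = parse_pe(pe)
    flags, ep_section, ep_entropy = [], None, 0.0
    for idx, s in enumerate(sections):
        if s["vaddr"] <= entry_rva < s["vaddr"] + max(s["vsize"], len(s["raw"])):
            ep_section, ep_entropy = s["name"], shannon_entropy(s["raw"])
            if idx != 0:
                flags.append(f"entry point {entry_rva:#x} is in {s['name']}, not the first section")
            if ep_entropy > PACKED_ENTROPY:
                flags.append(f"entry-point section {s['name']} has entropy {ep_entropy:.2f} bits/byte")
        if s["vsize"] and not s["raw"]:
            flags.append(f"{s['name']} is empty on disk but {s['vsize']:#x} bytes in memory (unpack target)")
    if ep_section is None:
        flags.append(f"entry point {entry_rva:#x} lies in no section")
    return {"entry_section": ep_section, "entry_entropy": ep_entropy,
            "flags": flags, "likely_packed": bool(flags)}

def _align(n: int) -> int:
    return (n + FILE_ALIGNMENT - 1) // FILE_ALIGNMENT * FILE_ALIGNMENT

def build_pe(sections, entry_rva: int) -> bytes:
    """Assemble a minimal PE32 from [(name, vsize, vaddr, raw_bytes)]; constructed test input only."""
    hdr_size = _align(0x40 + 4 + 20 + 0xE0 + len(sections) * SECTION_HEADER.size)
    dos = bytearray(b"MZ".ljust(0x40, b"\0"))
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew
    file_hdr = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0xE0, 0x102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)  # PE32 magic
    struct.pack_into("<I", opt, 16, entry_rva)  # AddressOfEntryPoint
    table, data, raw_ptr = b"", b"", hdr_size
    for name, vsize, vaddr, raw in sections:
        raw_size = _align(len(raw))
        table += SECTION_HEADER.pack(name.ljust(8, b"\0"), vsize, vaddr, raw_size,
                                     raw_ptr if raw_size else 0, 0, 0, 0, 0, 0xE0000020)
        data += raw.ljust(raw_size, b"\0")
        raw_ptr += raw_size
    headers = (bytes(dos) + b"PE\0\0" + file_hdr + bytes(opt) + table).ljust(hdr_size, b"\0")
    return headers + data

def sample_packed() -> bytes:
    """Typical packer layout: empty .text filled at run time, EP in a high-entropy stub section."""
    rng = random.Random(2011)
    blob = bytes(rng.getrandbits(8) for _ in range(0x2000))
    return build_pe([(b".text", 0x10000, 0x1000, b""), (b".pack", 0x2000, 0x11000, blob)], 0x11000)

def sample_plain() -> bytes:
    """Ordinary layout: EP at the start of .text, repetitive code-like bytes."""
    code = (b"\x55\x8b\xec\x83\xec\x10" + b"\x90" * 10 + b"\xc3") * 100
    return build_pe([(b".text", 0x800, 0x1000, code.ljust(0x800, b"\xcc")),
                     (b".data", 0x200, 0x2000, b"hello\0" * 80)], 0x1000)

if __name__ == "__main__":
    for label, blob in (("plain", sample_plain()), ("packed", sample_packed())):
        r = assess(blob)
        print(f"{label}: EP in {r['entry_section']} ({r['entry_entropy']:.2f} bits/byte); "
              f"likely packed: {r['likely_packed']}")
        for f in r["flags"]:
            print("  -", f)
```

The point of the output is that every flag is a property of the file's layout, not of any particular packer: a custom or modified stub produces the same evidence as a known one, which is why a signature database has nothing to say about it and why the thread's advice to step through the stub and dump at the original entry point does not depend on knowing the packer's name.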

giv
May 8th, 2011, 07:23
Did you use RDG Packer Detector?

Silkut
May 9th, 2011, 09:45
Hello,

This subject has been moved to the Newbie section.