Packer identifier


n03l
December 27th, 2001, 14:45
Hi all, I have a small program that is packed with some kind of packer. I have tried some unpackers, but up till now no luck.

Is there a tool to let me know what type of packer is used?

n03l.

Viper
December 27th, 2001, 15:38
yea a file analyzer

stealthFIGHTER
December 27th, 2001, 18:09
Quote:
Originally posted by n03l
Hi all, I have a small program that is packed with some kind of packer. I have tried some unpackers, but up till now no luck.

Is there a tool to let me know what type of packer is used?

n03l.


Um, read the attachment.

sF

_Servil_
December 27th, 2001, 20:42
PE iDentifier 0.7 Beta by snaker & Qwerton
------------------------------------------

PEiD detects most common packers, cryptors and compilers for PE files. It can currently detect around 260 different signatures in PE files.

PEiD is special in some aspects when compared to other identifiers already out there!

1. It has a superb GUI and the interface is really intuitive and simple.
2. Detection rates are amongst the best given by any other identifier.
3. Special scanning modes for *advanced* detections of modified and unknown files.
4. Shell integration, Commandline support, Always on top and Drag'n'Drop capabilities.


There are 3 different and unique scanning modes in PEiD.

The *Default Method* scans the PE files at their Entry Point for all documented signatures. This is what all other identifiers also do.

The *Hardcore Method 1* scans the PE file's Entry Point containing section for all the documented signatures. This ensures detection of around 80% of modified and scrambled files.

The *Hardcore Method 2* does a complete scan of the entire PE file for the documented signatures. You should use this mode as a last option as the small signatures often tend to occur a lot in many files and so erroneous outputs may result.

The scanner's inbuilt scanning techniques have error control methods which ensure generally correct outputs even if the last mode is chosen. The first two methods produce almost instantaneous outputs but the last method is a bit slow due to obvious reasons!


We intend to update the signatures quite often to keep pace with this ever evolving scene.
Please report all bugs and ideas to Qwerton -> qwaci@gmx.net
Please report new signatures or packer info to snaker -> snaker@myrealbox.com

ALL SUGGESTIONS, IDEAS, BUG REPORTS AND CRITICS ARE WELCOME.

Greets
------

Qwerton, CHRiST0PH, uno, DAEMON, VAG, SAC, Gamumba, SnowP and all the rest at UG, Michael Hering, tE!, pusher, CoDE, BaND, Snacker, MackT, skamer, Clansman, innuendo, dshadow, cokine, AiRW0lF and all the rest at EMB, Carpathia, LordofLA, r!sc, NoodleSPA, SiR_dReaM, CHoRDLeSS, JaCK, p0tHEAD, XasX and all at TNT! and all who helped with PEiD


snaker, cokine, Iczelion, Clansman, Z-Wing, Unknown One/TMG, PeeWee, DnNuke, sinny/BAFH, all the other nice people in CiA, UG2001 and all of you who helped us develop PEiD. Thanks!


snaker & Qwerton Productions
-2001-
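
The three scan scopes described in the post above (at the Entry Point, across the Entry Point's section, across the whole file), as an added Python sketch that is not PEiD's code and not part of the original thread. The signature, its `??` wildcard notation, the function names and the sample image are all constructed for illustration.

```python
import struct

# Constructed signature, not a real packer's. "??" is a wildcard byte.
SIGNATURES = {"DemoPacker (constructed)": "60 BE ?? ?? ?? ?? 8D BE"}

def _match_at(data, off, pat):
    if off + len(pat) > len(data):
        return False
    return all(p is None or data[off + i] == p for i, p in enumerate(pat))

def _layout(data):
    """Return (file offset of entry point, (start, end) of its section)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("no PE header")
    nsec, opt_size = struct.unpack_from("<H12xH", data, pe + 6)
    ep_rva = struct.unpack_from("<I", data, pe + 40)[0]  # AddressOfEntryPoint
    table = pe + 24 + opt_size                           # section table
    for i in range(nsec):
        vsize, va, rsize, raw = struct.unpack_from("<4I", data, table + 40 * i + 8)
        if va <= ep_rva < va + max(vsize, rsize):
            return raw + ep_rva - va, (raw, raw + rsize)
    raise ValueError("entry point is outside every section")

def identify(data, mode="default"):
    """Scan at the EP ('default'), the EP section ('hardcore1') or the whole file ('hardcore2')."""
    ep, (start, end) = _layout(data)
    offsets = {"default": [ep], "hardcore1": range(start, min(end, len(data))),
               "hardcore2": range(len(data))}[mode]
    hits = []
    for name, sig in SIGNATURES.items():
        pat = [None if t == "??" else int(t, 16) for t in sig.split()]
        hits += [(name, off) for off in offsets if _match_at(data, off, pat)]
    return hits

def build_sample(body, ep_in_section=0):
    """Constructed one-section PE32 image used as test input (not loadable)."""
    dos = b"MZ" + bytes(58) + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                       # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000 + ep_in_section)     # entry point RVA
    sect = b".text\0\0\0" + struct.pack("<4I", 0x200, 0x1000, 0x200, 0x200) + bytes(16)
    hdr = dos + b"PE\0\0" + coff + bytes(opt) + sect
    return hdr.ljust(0x200, b"\0") + body.ljust(0x200, b"\x90")

STUB = bytes.fromhex("60BE00104000" "8DBE00F0FFFF" "57")   # constructed stub bytes
```

Calling `identify(build_sample(b"\xEB\x00" + STUB), mode)` shows the difference between scopes: with two bytes placed ahead of the stub, `default` returns nothing while `hardcore1` reports the match at file offset 0x202. A copy of the same bytes appended after the section is reported only by `hardcore2`, which is the kind of hit outside the code that the post warns can be erroneous.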

Viper
December 27th, 2001, 20:54
PE iDentifier 0.7 Beta is good
i suggest u try file insPEctor XL i think its a little better

peterg70
December 27th, 2001, 22:45
Sounds Like an advertisement ??

Viper
December 27th, 2001, 22:59
if im not mistaken the post by _Servil_ was mostly taken out of the txt file that comes with PE iDentifier

npcracker
December 28th, 2001, 01:37
I got a chance to read the tut by Splaj on packed exes, and he explained it so nicely with the packed notepad.exe. But how come he knows the predictable number of bytes in ASPack, Petite and others?

If I find new software that is packed with new packing software, would I be able to know the predictable bytes of that code, as done by Splaj?


You can find splaj tutorial in the thread called
SPLAJ TUTORIAL in newbies area.

GeneralD
December 30th, 2001, 08:25
Hi, npcracker.

I've got a v. good pack-analyzer.
If you want it, mail me (it's about 500Kb)

I'm sure that it will tell you what the program is packed with.

If not, try Hackers View, 'cause most authors of packers leave info in the packed file )

Best regards
GeneralD

mailto generald@poczta.onet.pl

npcracker
December 31st, 2001, 23:35
Hi GeneralD

thank u for ur unpacker.

npcracker

riPPadoGG
January 1st, 2002, 04:14
Hi..

1. Any working link to insPEctor XL?
2. Any file analyzer that supports other Windows exe types such as NE?? - too much to ask??

regards
doGG

ThrawN
January 1st, 2002, 05:20
UN PACK does i think. Correct me if i am wrong though

http://www.programmerstools.org/files/unpackers/un-pack.zip

Viper
January 1st, 2002, 08:01
hey riPPadoGG,

h**p://www.exetools.com is the link i got it from

ThrawN, so there are no attacks on the forum from people who might want to see it closed
please take a look at this
http://www.woodmann.net/forum/showthread.php?s=&threadid=2312

especially the post by |BoomBox- and DakienDX

ThrawN
January 1st, 2002, 09:31
Ok dokie sorry bout that

=)