Zkhan13
May 8th, 2003, 06:05
How will I come to know whether an EXE has been packed?
Using Symbol loader!!
Tell me more about it.
nikolatesla20
May 8th, 2003, 07:21
First off you can use a PE Scanner, I use pe-scan myself a lot, but the best method I use is manually - I open the file up in PE editor program (such as PEditor or LordPE) and examine the section tables. A packed executable always has more sections than an unpacked one (usually), or the names of the sections will give away that it is packed.
This is how I do it in 99.9% of cases. After you become more familiar with different packers, you will recognize which packer it is usually by these two techniques, rather quickly. Experience is key.
Another way is to open it up in a basic disassembler, like WinDASM. If all you get is junk code or it doesn't open in WinDASM, you have a protected file of some kind.
And one other way is to run the program, and then try to look at its imports with ImpREC. If you are missing imports and have lots of invalid "thunks", then the program is most definitely protected (packed too, usually).
There's a lot of techniques you can use.
-nt20
squidge
May 8th, 2003, 07:40
With a lot of packed / protected files, you can usually recognise the assembler code using a debugger such as Ollydbg without actually running any of it. Sequences such as "PUSHFD ; PUSHAD" near the start of the code normally give away the fact that it's been packed/protected also, as do things like "PUSH EAX ; RET" and obvious-looking self-modifying code.
However, you can never be 100% sure, but combining the above with other techniques such as examining the sections table can give you a pretty good guess.
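The section-table check nikolatesla20 and squidge describe, as an added example script that is not code from the thread: it parses the PE section headers and flags the tells they mention (packer section names, sections with no raw data that are filled at runtime) plus byte entropy, run here over a constructed UPX-style header. The packer name list and the sample image are assumptions of this example, not taken from the posts.

```python
import math
import struct

# Section names that well-known packers leave behind (UPX, ASPack, Petite, PECompact); assumed list.
PACKER_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b".aspack", b".adata", b".petite", b"pec1", b"pec2"}

def parse_sections(data: bytes):
    """Walk the PE section table; returns (name, virtual_size, raw_size, raw_offset) tuples."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]          # DOS header points at "PE\0\0"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                         # IMAGE_FILE_HEADER follows the signature
    _, num_sections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    table = coff + 20 + opt_size                                # section headers follow the optional header
    sections = []
    for i in range(num_sections):
        off = table + 40 * i                                    # IMAGE_SECTION_HEADER is 40 bytes
        name = data[off:off + 8].rstrip(b"\0")
        vsize, _vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, off + 8)
        sections.append((name, vsize, rawsize, rawptr))
    return sections

def entropy(buf: bytes) -> float:
    """Shannon entropy in bits per byte; compressed or encrypted data sits near 8.0."""
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in (buf.count(bytes([b])) for b in range(256)) if c)

def packer_indicators(data: bytes) -> list:
    """Collect the section-table tells from the thread: packer names, empty raw data, high entropy."""
    findings = []
    for name, vsize, rawsize, rawptr in parse_sections(data):
        label = name.decode("ascii", "replace")
        if name in PACKER_SECTION_NAMES:
            findings.append(f"{label}: known packer section name")
        if rawsize == 0 and vsize > 0:
            findings.append(f"{label}: no raw data but {vsize:#x} bytes virtual (filled at runtime)")
        h = entropy(data[rawptr:rawptr + rawsize])
        if h > 7.0:
            findings.append(f"{label}: entropy {h:.2f} bits/byte (compressed or encrypted)")
    return findings

def build_sample_pe() -> bytes:
    """Constructed sample: headers with UPX-style sections only, not a real or runnable program."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)                  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0x102)          # i386, 2 sections, no optional header
    payload = bytes(range(256)) * 4                                      # maximal entropy stands in for packed code
    sec0 = struct.pack("<8sIIIIIIHHI", b"UPX0", 0x10000, 0x1000, 0, 0, 0, 0, 0, 0, 0xE0000080)
    sec1 = struct.pack("<8sIIIIIIHHI", b"UPX1", len(payload), 0x11000, len(payload), 0xA8, 0, 0, 0, 0, 0xE0000040)
    return dos + b"PE\0\0" + coff + sec0 + sec1 + payload                # payload starts at offset 0xA8
```

Run `packer_indicators(open("some.exe", "rb").read())` on a real file to get the same list of tells; a clean compiler-built binary normally yields nothing, while a packed one trips several.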
Zkhan13
May 8th, 2003, 09:09
I use Symbol Loader to open that exe. It displays an error like "Debug information is not found". Is it because it has been packed?
I have ProcDump with me... Is that software of any use for this matter?
squidge
May 8th, 2003, 09:25
Nope. It means the file is a retail release (final version, etc). Since Softice is a debugger for your own applications, when you debug them, you include debugging information. When you upload them to the net/etc, you remove this information.