Optloader - who knows this Packer ??


wrxcv3
October 3rd, 2003, 23:43
Hi,
I got a 16-bit Windows (NE) .exe
FileInfo 2.45a indicates that it is packed with:

Optloader (SLR Systems) [1993]

There is a copyright text in the exe:

OPTLOADER - Copyright (C) 1993-95 Symantec Corporation.All Rights Reserved

who knows details about this packer and how to unpack?

thx in advance

Woodmann
October 4th, 2003, 22:30
Howdy,

Are you sure it is even packed ?
That prog is pretty old.

Woodmann

wrxcv3
October 6th, 2003, 12:20
Quote: [Originally Posted by Woodmann]
Howdy,

Are you sure it is even packed ?
That prog is pretty old.

Woodmann

Yes, I am quite sure.
I did not know that exepackers even existed in those prehistoric times.
I attach the file.

thx

esther
October 6th, 2003, 12:37
why you ppl always did not read the FAQ!!!!!!!!!!!!!!!!!!!

NO SHAREWARES,COMMERCIALWARES SHOULD UPLOAD HERE!

wrxcv3
October 6th, 2003, 13:30
sorry, excuse me ...
won't happen again.

Kayaker
October 6th, 2003, 15:46
Just when you think it's safe to come out again...THWACK

Looks like you're stuck digging through this one yourself or posting some relevant code. There seems to be about a grand total of 2 Google hits on this and the SLR Optloader packer seems to be related to PKLite v 2.00 and perhaps WinLite. Both of these are more likely to have info floating around about.

Windows Source version 8 (an oooold disassembler...) is supposed to handle Optloader specifically - "provides the ability to decompress and disassemble self-loading Windows 16 bit executables compressed with PKLite v 2.00 and SLR Optloader".


From a Babelfish-stuck-in-your-ear translated .ru site:
At present by the only samozagruzhayushchimisya programs are Microsoft Word 1..x, Microsoft Fortran, the early versions Microsoft Excel, and also programs packed with the aid of WinLite by Rosenthal Engineering and OPTloader by OPTlink software. The distinguishing feature of the samozagruzhayushchegosya application is that advanced into 1 11 bits of flags (on mask 800h). In addition to this in the samozagruzhayushchemsya file it must be provided function BootApp(), ExitApp(), LoadAppSeg(). With call BootApp() is assumed that it it will place selectors for each segment, that are contained in Ne- file itself will correct the table of segments. Each of these functions has in KERNEL the appropriate shell: BootAppl(), ExitAppl(), LoadApplSeg().

If you can figure out what a samozagruzhayushchimisya program is it might help (self-loading?). Then there's always the question of is it worth it...?

Kayaker

wrxcv3
October 7th, 2003, 04:52
yep, it is rare that you get so few search results (without making a typo).
btw, you get 2 (!!) more hits to Russian newsgroups when you search for symantec optloader,
but they all only deal with selfloading apps in general.
The other programs you mentioned seem to have no specific relation to optloader except for using the same selfloading mechanism.
I found a text describing selfloading apps, I will attach it.
I tried Windows Source 8, but it cannot decompress it.
I will try to let it decompress some pklite file, perhaps I am doing something wrong...

Kayaker
October 7th, 2003, 16:02
Hi

I had read that document on Self-Loading Windows Applications Overview (3.1) some time ago and never really understood what "self-loading" implied. It appears to be a special set of entry, exit and segment setup procedures that needed to be made if you were going to make any modifications to how an NE app started up, such as applying a wrapper or packer around it from the looks of it. Nowadays the parallel would seem to be, change the OEP and the PE program will load in any case, damn the torpedoes I'm taking over.

It looks like a horrid way to have to code an NE startup procedure! Somewhere in the NE header you specify the file should be loaded with your own private loader code with a flag of 0x0800 (bit 11 must be set). Then there are 6 required loader functions, 3 kernel and 3 user-defined, which needed to be properly set up and used, and interestingly, special Exit code.

I can't think of any modern packer/protector that uses "Exit" code per se, unless some of the trickier ones detect/hook application shutdown and trap that to make some checks/changes away from where a cracker might normally look, behind the scenes, after the window disappears from the desktop but before the controls/data are really destroyed, in an injected system thread separate from the main packer..., that kind of thing ;-) ...

Good luck unpacking this little monster, at least there's those 6 proc addresses in the header file which might give some info, post that Loader Data Table in the header file for fun if you find it.

Kayaker
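
Added example (not posted by anyone in this thread): a Python check for the self-loading flag 0x0800 in the NE header flags word discussed above, which also lists the segment table so each segment's file offset can be examined. Field offsets follow the published NE header layout; `inspect_ne` and `build_sample` are names invented here, and the sample image is constructed.

```python
import struct

NE_SELF_LOADING = 0x0800  # bit 11 of the NE flags word, per the thread

def inspect_ne(data: bytes) -> dict:
    """Report the self-loading flag and segment table of an NE executable."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    ne = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew -> NE header
    if ne + 0x40 > len(data) or data[ne:ne + 2] != b"NE":
        raise ValueError("no NE header, not a 16-bit Windows executable")
    flags, = struct.unpack_from("<H", data, ne + 0x0C)
    count, = struct.unpack_from("<H", data, ne + 0x1C)    # segment table entries
    table = ne + struct.unpack_from("<H", data, ne + 0x22)[0]
    shift = struct.unpack_from("<H", data, ne + 0x32)[0] or 9  # 0 means 512-byte sectors
    if table + 8 * count > len(data):
        raise ValueError("segment table runs past end of file")
    segments = []
    for i in range(count):
        sector, length, seg_flags, _alloc = struct.unpack_from("<4H", data, table + 8 * i)
        segments.append({
            "index": i + 1,
            "file_offset": sector << shift,               # 0 = no data in file
            "length": (length or 0x10000) if sector else 0,
            "is_data": bool(seg_flags & 0x0001),
        })
    return {"flags": flags, "self_loading": bool(flags & NE_SELF_LOADING),
            "segments": segments}

def build_sample(flags: int) -> bytes:
    """Constructed minimal MZ+NE image for the demo, not a real program."""
    mz = bytearray(0x40)
    mz[:2] = b"MZ"
    struct.pack_into("<I", mz, 0x3C, 0x40)
    ne = bytearray(0x40)
    ne[:2] = b"NE"
    struct.pack_into("<H", ne, 0x0C, flags)
    struct.pack_into("<H", ne, 0x1C, 2)                   # two segments
    struct.pack_into("<H", ne, 0x22, 0x40)                # table follows the header
    struct.pack_into("<H", ne, 0x32, 4)                   # 16-byte sectors
    segs = struct.pack("<8H", 0x10, 0x120, 0, 0x120, 0x30, 0x80, 1, 0x80)
    return bytes(mz + ne + segs)

if __name__ == "__main__":
    for f in (0x0302, 0x0302 | NE_SELF_LOADING):
        info = inspect_ne(build_sample(f))
        print(hex(info["flags"]), "self-loading:", info["self_loading"])
        for s in info["segments"]:
            print("  seg", s["index"], hex(s["file_offset"]), s["length"])
```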