Hi,

I have an application that I want to unpack cause if I open it with IDA I see a lot of "rubbish". Anyway, I was wondering how I can know with which packer a certain program is packed? Are there any tools to detect this? I am trying to use procdump to unpack but when I choose unknown as unpacker it gives me an error message: Process isn't 32 bit or is already finished...

thanks,

Corpus

In my opinion isn't Proc-dumper pick if don't know concrete compressor,find him by the help of Pe-Scan and then use unpacker,that is programme compression-after-mostly then you needn't edit PE header (isn't as a rule)

There are certain tools you can use to detect with which packer a program is packed with. For instance there are PEID or Language2000.. Try to google for "unpackers" and you will quickly come across a detector for packers like the two mentioned above.

Greets *RemedY*

Yes, subscribe and Language 2000 advise!

Although I've looked, I've not seen anything to suggest that Language 2000 has been updated since the year 2000. Assuming my research is correct, one of the other identifiers would probably be more up to date.

Regards,

PEiD all the way

These tool them to a flabby much (LordPE),but for beginner get past such,which him exclude from quantity "down-the-line"information.
Btw Peid ,yes good.

Thanks for the quick replies,

I am gonna check out that PeId tool u guys suggested.

You can use file analyzer to find out which packer det exe-file is packed with. Or in some other case the compiler..

have some CME in which are neither described pe header (are two),is it scram and in the same way me nothing no-show wherewith.What about it?What advise tool (after-touch,that you classical fail).

ThX **llAmElliK**

Wtf, seems like eval has quite the worthy opponent here...