
ocx unpack header?


OcxUnpacker
June 27th, 2004, 15:07
I have a problem with an ocx file, I can't open it with PE Explorer. Mh, is the problem in the header? How can I open it? With which tool?

JMI
June 27th, 2004, 15:56
What have you done to try to help yourself? Have you even read the FAQ listed in the BIG RED LETTERS?

Regards,

OcxUnpacker
June 27th, 2004, 20:26
I will unpack an ocx file of a voice chat client.

JMI
June 27th, 2004, 20:43
You seem to have some problems understanding English. Have you read the FAQ?

Regards,

OcxUnpacker
June 28th, 2004, 06:09
yes

JMI
June 28th, 2004, 06:25
Great. Now... what have you done to try to help yourself????

Regards,

OcxUnpacker
June 28th, 2004, 07:24
I have try it with upx to open did not fold, afterwards it does not try to open with PE-explorer went also.

Where is the problem? protected?

SvensK
June 28th, 2004, 08:44
lol, great stuff

esther
June 28th, 2004, 10:41
This link will certainly help you unpacking UPX, whatever: http://www.methodlab.com/404.swf

bilbo
June 28th, 2004, 11:47
esther, your link was pointed out less than 15 days ago by SplAj...
not to blame you, just to say I am a careful reader of this forum :-)

OcxUnpacker, you had better ask the same question to PE Explorer support (h..p://www.heaventools.com/support.htm): they "want to hear from you!"

Regards, bilbo

esther
June 28th, 2004, 12:23
Well, the mod has warned him twice; he doesn't seem to bother to read the FAQ and search.

That link will certainly help him

OcxUnpacker
June 28th, 2004, 12:39
Mh, I have opened the ocx with a hex editor:


$Id: NOHACK v2.0 .UPX!....Q.A.6
what is that?

evlncrn8
June 28th, 2004, 22:32
Quote:
[Originally Posted by OcxUnpacker]mh i have open the ocx with a hex editor

$Id: NOHACK v2.0 .UPX!....Q.A.6
what is that?


looks like text to me.. or it could be a free McDonald's voucher, redeemable at your local store.. do some fucking research and find out

bilbo
June 29th, 2004, 02:43
The only thing I can tell you is that your file has been compressed by some (unknown to me) hacked release of the UPX compressor ("UPX!" is the original signature). Everyone can build a hacked release of UPX, because the sources are available. Or, even easier, you can hide/modify some fields, and manual decompression (UPX -D) will not work anymore.

You can:

(a) restore some critical fields in UPX compressed file (see for example
h..p://www.joestewart.org/tools/upxrestore.pl) and then "upx -d"

(b) disassemble the file and reverse engineer it (you can bet that this approach will always work!)

By the way: searching Google I found the same answer on a German forum (h..p://www.boardy.de/showthread.php3?threadid=34297442), more than one month ago. No progress in the meantime?

Regards, Bilbo

Kayaker
June 29th, 2004, 03:36
Quote:
[Originally Posted by bilbo]found the same answer on a german forum


Lol, 5 will get you 10 (good odds) both posters are one and the same person?... A couple of words from a Babelfish mutilation, er translation, from that post seem to crop up here... mh, fold ??

OcxUnpacker
June 30th, 2004, 11:40
Which toolz do I need to unpack an ocx file manually, and I need a how-to about ocx unpacking.

Kayaker
June 30th, 2004, 17:28
Hi

What you need to start with is some basic reversing skills. You'll never unpack this ocx without learning to unpack UPX in general. I don't know how much of this you will understand but,

Download UPX and protect Notepad with it.
Search for one of the many UPX tutorials you can find linked to on this site.
Search for one of the many UPX posts discussing it on this forum.
Learn to unpack UPX in your sleep. It's a very easy packer to learn about unpacking on, and the best to start with for anyone.

When you've done that, take another look at the ocx. You need to understand the *differences* between regular UPX and this NOHACK version first. Then you can try to unpack the ocx. Learn how to break on the entry point of a dll/ocx and figure out how to trace and dump the file. There is nothing you can do until you learn some basic reversing, so go do it.


You uploaded a link to the ocx and asked "can erverybody decommpressed it?" You need to understand nobody can unpack it without an ocx loader of some sort to start with. YOU have that. YOU need to help yourself. Also understand that what you did is against forum policy and not the way things are done in this RCE world; nobody here will unpack it for you.



However, to pull a story out of my ass, its full identification is
$Id: NOHACK v2.0(C) 2003-2004 SER SISTEM Tech. All Rights Reserved. by MONSTER UPX!
It's a regular Delphi ocx which can be opened with LordPE or most any other PE editor. The IAT looks relatively undamaged, all resources are visible, the first 2 sections are renamed to # (renamed or modified UPX0/UPX1 sections). No idea about internal changes. NoHack is also a term adopted by a group concerned with trojans on IRC clients and Chinese firewall software.


Btw, we may need some new Smilies...

"Have you read the FAQ?"
"yes"

Suggest emoticons for: Blank Stare, Uncomprehending Blink, Shuffle Feet, Stare at Ground, Whistle Nonchalantly, Back Away Slowly, Turn and Run.


K.
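bilbo's point that "UPX!" is only the stock signature, and Kayaker's observation that the first two sections were renamed from UPX0/UPX1 to #, both come down to the same triage lesson: identify a UPX-family packer from the section layout, not from the marker string a hacked build may have altered. The script below is an added example written for this thread, not code posted by anyone in it. It builds three constructed in-memory PE images (a stock-looking one, one with the # section names and the NOHACK identification string quoted above as sample payload, and one with the magic wiped), then walks the DOS, COFF and section headers to report what a defender would look at. The UPX-layout heuristic (an empty first section that receives the unpacked code, followed by a section carrying the payload) is an assumption of this example, and the script does not parse UPX's own pack header.

```python
"""Added example (not from the thread): triage a PE/OCX for UPX-style packing
by reading the section table rather than trusting the 'UPX!' string.
Every image below is constructed in memory; no real ocx is involved."""
import struct

UPX_MAGIC = b"UPX!"            # stock UPX pack-header magic
# identification string quoted in the thread, used here only as sample data
NOHACK_IDENT = (b"$Id: NOHACK v2.0(C) 2003-2004 SER SISTEM Tech. "
                b"All Rights Reserved. by MONSTER UPX!")

COFF_FMT = "<HHIIIHH"          # IMAGE_FILE_HEADER, 20 bytes
SECTION_FMT = "<8sIIIIIIHHI"   # IMAGE_SECTION_HEADER, 40 bytes


def build_sample_pe(names, ident):
    """Construct a minimal, non-runnable PE32 image with the layout UPX leaves
    behind (assumed here): section 0 has no raw data but a large virtual size,
    section 1 holds the compressed payload with the ident near its start,
    section 2 is an untouched .rsrc. Headers are zero-filled beyond what the
    parser needs."""
    e_lfanew, opt_size, nsec = 0x80, 0xE0, len(names)
    hdr_end = e_lfanew + 4 + 20 + opt_size + 40 * nsec
    raw_base = (hdr_end + 0x1FF) & ~0x1FF          # 512-byte file alignment
    payload = b"\x00" * 16 + ident                  # constructed payload stand-in
    payload += b"\x00" * (0x200 - len(payload) % 0x200)
    rsrc = b"\x00" * 0x200
    layout = [                                      # (name, vsize, va, rawsize, rawptr)
        (names[0], 0x20000, 0x1000, 0, 0),
        (names[1], len(payload), 0x21000, len(payload), raw_base),
        (names[2], len(rsrc), 0x22000, len(rsrc), raw_base + len(payload)),
    ]
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", e_lfanew)   # e_lfanew at 0x3C
    dos += b"\x00" * (e_lfanew - len(dos))
    coff = struct.pack(COFF_FMT, 0x14C, nsec, 0, 0, 0, opt_size, 0x2102)  # i386 DLL
    opt = struct.pack("<H", 0x10B) + b"\x00" * (opt_size - 2)             # PE32 magic
    secs = b"".join(
        struct.pack(SECTION_FMT, n.encode().ljust(8, b"\x00"),
                    vs, va, rs, rp, 0, 0, 0, 0, 0xE0000040)
        for n, vs, va, rs, rp in layout)
    image = dos + b"PE\x00\x00" + coff + opt + secs
    image += b"\x00" * (raw_base - len(image))
    return image + payload + rsrc


def parse_sections(image):
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    coff_off = e_lfanew + 4
    _machine, nsec, _, _, _, opt_size, _ = struct.unpack_from(COFF_FMT, image, coff_off)
    sec_off = coff_off + 20 + opt_size
    sections = []
    for i in range(nsec):
        name, vsize, vaddr, rsize, rptr, *_ = struct.unpack_from(
            SECTION_FMT, image, sec_off + 40 * i)
        sections.append({"name": name.rstrip(b"\x00").decode("latin-1"),
                         "virt_size": vsize, "virt_addr": vaddr,
                         "raw_size": rsize, "raw_ptr": rptr})
    return sections


def triage(image):
    """Report UPX-style indicators from structure, not only from the string."""
    secs = parse_sections(image)
    names = [s["name"] for s in secs]
    f = {
        "section_names": names,
        "stock_upx_names": any(n.startswith("UPX") for n in names),
        "upx_magic_present": UPX_MAGIC in image,
        # assumed hallmark: empty first section, payload-bearing second section
        "upx_like_layout": (len(secs) >= 2 and secs[0]["raw_size"] == 0
                            and secs[0]["virt_size"] > 0 and secs[1]["raw_size"] > 0),
    }
    # layout says UPX but names or magic were touched -> hacked build or edited fields
    f["likely_modified_upx"] = f["upx_like_layout"] and (
        not f["stock_upx_names"] or not f["upx_magic_present"])
    return f


SAMPLES = {
    "stock":    build_sample_pe(["UPX0", "UPX1", ".rsrc"], UPX_MAGIC),
    "nohack":   build_sample_pe(["#", "#", ".rsrc"], NOHACK_IDENT),
    "stripped": build_sample_pe(["UPX0", "UPX1", ".rsrc"], b"\x00" * 4),  # magic wiped
}

if __name__ == "__main__":
    for label, img in SAMPLES.items():
        print(label, triage(img))
```

The "stripped" sample is the case bilbo describes: the layout is unmistakably UPX's, but with the pack-header fields hidden a stock `upx -d` has nothing to find, so the structural check is what tells you a decompressor or manual dump is still worth attempting. On a real file you would pass `open(path, "rb").read()` to `triage` instead of a constructed image.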