View Full Version : Unpacking UPX


melvill
June 20th, 2003, 01:42
Hi Guys,

I have read somewhere that it is possible to unpack a UPX file in a debugging session with OLLY. Is that correct? If yes, how?

rgds

Melvill

Anonymous
June 20th, 2003, 02:50
Yes, it's correct. Just search for the famous signature bytes, breakpoint, run, dump. Job done.

Ricardo Narvaja
June 20th, 2003, 06:20
The plugin ollydmp is useful, and has a tracer to help find the OEP to dump.

Ricardo

Anonymous
June 20th, 2003, 13:14
Hello Ricardo
Can you write a tut about how to use ollydmp please?

regards

Ricrado Narvaja
June 20th, 2003, 14:54
I write many tuts and I have a tut on how to unpack UPX with ollydmp, but it is not translated; it is in Spanish and for XP.

Ricardo

melvill
June 21st, 2003, 01:19
Thanks, guys.

Ricardo, can you send this tut to me? I understand Spanish.

melvill@crkportugal.com

Thanks

Anonymous
June 21st, 2003, 05:26
loooool

And what about us?
I don't understand the Spanish language.

Anonymous
June 21st, 2003, 08:07
Why do you need a tut for UPX? It's by far the easiest packer to unpack!

Anonymous
June 21st, 2003, 09:48
I don't need a tut for UPX, I need a tut about how to use OllyDmp only.

Anonymous
June 21st, 2003, 10:11
If you don't understand Spanish, use Babelfish.

Also, I find LordPE better than OllyDump.

Ricrado Narvaja
June 21st, 2003, 14:14
LordPE is different from OLLYDMP.

If you dump with ollydmp and rebuild with lordpe, ollydmp tries to reconstruct the IAT, and in 90% of UPX unpackings it rebuilds a perfect IAT. LordPE is a good dumper but does not rebuild the IAT; the dump runs only on your machine, if it runs, and you need to use IMPORT RECONSTRUCTOR or REVIRGIN. With OLLYDMP this is not necessary; it does all the work.

Ricardo

RobMad
June 22nd, 2003, 07:56
Ricardo Narvaja, can you send me the tut for unpacking UPX in Ollydbg?
PS: I can read Spanish well!

robmad@hotmail.com

Thanks!!!

Anonymous
June 24th, 2003, 19:21
Yah send me too please :P

I understand Spanish TOO (babelfish even)

Thanks

TByteSoft@ntlworld.com

Anonymous
June 27th, 2003, 07:32
http://www.geocities.com/r_etarded/ollydump.html

a tute to unpack with olly/ollydump for UPX/FSG

Anonymous
July 3rd, 2003, 03:01
Check out GuiPEX, a program that is made to both uncompress/compress programs. Works like a charm.

Anonymous
July 5th, 2003, 07:04
I am a noob to unpacking. I followed the tutorial above and unpacked the exe.
But when I load the unpacked exe in Olly, Olly says that the Entry Point is outside the code as specified in the PE Header. So I can't set breakpoints very well. Is this ok? If not, how can I correct the PE Header in this example tutorial? Sorry for my bad English. Thanks.

pov
July 5th, 2003, 11:07
Change the flags of the section containing the real entry point to executable, and then ensure that the BaseOfCode and BaseOfData pointers in the PE header are correct.
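
The header condition discussed in the post above, as an added example that is not part of the original thread: a Python check of whether AddressOfEntryPoint lies inside the code range the PE header declares (BaseOfCode, SizeOfCode) and inside a section flagged executable. The function names, the sample headers and their section flags are constructed for illustration, and BaseOfData is not checked.

```python
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000

def check_entry_point(pe: bytes) -> dict:
    """Compare AddressOfEntryPoint with the declared code range and section flags."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[:2] != b"MZ" or pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    # COFF header: NumberOfSections at +6, SizeOfOptionalHeader at +20
    nsections, opt_size = struct.unpack_from("<H12xH", pe, e_lfanew + 6)
    opt = e_lfanew + 24
    size_of_code, = struct.unpack_from("<I", pe, opt + 4)
    entry, base_of_code = struct.unpack_from("<II", pe, opt + 16)
    in_code = base_of_code <= entry < base_of_code + size_of_code
    owner, executable = None, False
    for i in range(nsections):
        off = opt + opt_size + 40 * i          # each section header is 40 bytes
        name, vsize, va = struct.unpack_from("<8sII", pe, off)
        flags, = struct.unpack_from("<I", pe, off + 36)
        if va <= entry < va + vsize:
            owner = name.rstrip(b"\0").decode("ascii", "replace")
            executable = bool(flags & IMAGE_SCN_MEM_EXECUTE)
    return {"entry": entry, "in_code_range": in_code,
            "section": owner, "section_executable": executable}

def build_sample(entry, base_of_code, size_of_code, sections):
    """Constructed minimal PE32 headers (no section data), for the demo only."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x10F)
    opt = struct.pack("<HBBIIIII", 0x10B, 0, 0, size_of_code, 0, 0,
                      entry, base_of_code).ljust(224, b"\0")
    table = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, va, 0, 0, 0, 0, 0, 0, fl)
                     for n, va, vs, fl in sections)
    return dos + b"PE\0\0" + coff + opt + table

# Constructed dump: the OEP 0x1234 sits in the first section, which is not
# flagged executable, while the header still declares the second one as code.
DUMPED = build_sample(0x1234, 0x9000, 0x4000,
                      [(b"UPX0", 0x1000, 0x8000, 0xC0000080),
                       (b"UPX1", 0x9000, 0x4000, 0xE0000040)])
# Same layout after the fix from the post: section flagged executable and
# BaseOfCode/SizeOfCode covering the section that holds the entry point.
FIXED = build_sample(0x1234, 0x1000, 0x8000,
                     [(b"UPX0", 0x1000, 0x8000, 0xE0000020),
                      (b"UPX1", 0x9000, 0x4000, 0xE0000040)])

if __name__ == "__main__":
    print(check_entry_point(DUMPED))
    print(check_entry_point(FIXED))
```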

Ricrado Narvaja
July 5th, 2003, 13:51
This is not a problem; in a packed program this message always appears, and in an unpacked program too. It is not important, don't worry and continue.

Ricardo