Help me identify this packer

 
Neounk
New to the board


Joined: 28 Oct 2006
Posts: 1

Posted: Mon Nov 27, 2006 9:53 pm    Post subject: Help me identify this packer

Ok, so PEiD gives what I believe to be a false positive with "Microsoft Visual C++ 6.0", so the only thing I have to go on is the section names and the fact that the EP doesn't look like MSVC6.

As the only things I've found packed with it are malware, I can't really post a link. So the only thing I have to go by is the section names.

In PEiD the section names look like this:

0
1
2
3
4
5

with 3 being the EP section. However, looking at it from Bob's section tool plugin the sections are read as:

0 ext
1 data
2 ata
3 ext
4 data
5 ata

Could anyone help me with this?
Knight
Regular


Joined: 21 Aug 2005
Posts: 122

Posted: Fri Dec 08, 2006 1:23 am    Post subject:

Do you really think that somebody will be able to tell you what packer is used there? Your information gives nothing... Section names can be easily removed manually, let alone by packers... One way of identifying the compiler could be by linker version. For example 5.12 is usually MASM, 2.25 some of the Borland stuff (not sure but I think usually Delphi); 5.0, 6.0, 7.0, 8.0 - corresponding version of VC++; 5.0, 6.0 - corresponding version of VB; 82.83 - Armadillo... It may not be accurate (as for example 6.0 can be VB and VC++ and probably some other compiler), but sometimes it can be more informative than PEiD's scan. Also, packers often don't alter this value, so it represents the original exe's compiler version. On the other hand, does it change much if you know what you're dealing with? The only problem that I see is that you might be unable to dig up the needed info yourself, but if you've got some brain you can find your way through, and if you're stuck I'm sure that either on this or some other forum people will appear who will help you get moving from the dead point.
In conclusion... either provide us with some more information or try to bypass it yourself, and if you're unable, ask for help with the point you're stuck on.
Btw, if your intent is to crack that program then think about keygenning. It's great since you don't need to unpack the file, you can work with the packed one. Though keygenning is not for everybody...
Regards,
Knight
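
The linker-version check suggested in the reply above, combined with a dump of the raw 8-byte section name fields, as an added example that is not part of either post. The header built by `build_sample()` is constructed for illustration; the leading NUL byte in its section names is an assumption chosen to show why two tools can display the same field differently, not a finding about the poster's file.

```python
import struct

def pe_triage(data: bytes) -> dict:
    """Read linker version, entry-point section and raw section names from PE headers."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # COFF header: Machine, NumberOfSections, three dwords, SizeOfOptionalHeader, Characteristics
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, major, minor = struct.unpack_from("<HBB", data, opt)  # Magic, Major/MinorLinkerVersion
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    (ep_rva,) = struct.unpack_from("<I", data, opt + 16)  # AddressOfEntryPoint
    names, ep_section = [], None
    for i in range(nsections):
        off = opt + opt_size + i * 40          # each section header is 40 bytes
        names.append(data[off:off + 8])        # raw Name field, deliberately not decoded
        vsize, vaddr = struct.unpack_from("<II", data, off + 8)
        if vaddr <= ep_rva < vaddr + max(vsize, 1):
            ep_section = i
    return {"linker": f"{major}.{minor}", "ep_section": ep_section, "sections": names}

def build_sample() -> bytes:
    """Constructed header-only image: linker 6.0, six sections, entry point in section 3."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 6, 0, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<HBB", opt, 0, 0x10B, 6, 0)
    struct.pack_into("<I", opt, 16, 0x4010)
    table = b""
    for i, name in enumerate([b"\0ext", b"\0data", b"\0ata"] * 2):
        table += name.ljust(8, b"\0") + struct.pack("<II", 0x1000, 0x1000 * (i + 1)) + b"\0" * 24
    return dos + b"PE\0\0" + coff + bytes(opt) + table

if __name__ == "__main__":
    info = pe_triage(build_sample())
    print("linker version:", info["linker"], "| EP section:", info["ep_section"])
    for i, raw in enumerate(info["sections"]):
        print(i, raw.hex(" "), repr(raw))
```

Comparing the hex of each name field against what a GUI tool shows settles whether the tool is truncating at a NUL, skipping bytes, or falling back to the section index.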