Coding an UPX Unpacker

 
Ksbunker
Occasional Poster


Joined: 15 Jul 2005
Posts: 24

Posted: Sat Aug 02, 2008 9:44 am    Post subject: Coding an UPX Unpacker

I have no troubles manually unpacking UPX packed programs.

But I want to take this one step further just for my development, and see if I can write a generic unpacker.

How would one go about doing so?

Map file to memory... read section names, if "UPX" found continue, else not UPX, quit.

1. CreateProcess with debug privs?
2. bpm kernel32.loadlibrary

;esp = return EIP
;esp+4 = param 1

3. jmp [esp]
4. Search for E9h XX XX XX XX ....to OEP???

Anyway, you see what I mean, cheers.
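
Added example, not part of the original post: a static version of the "read section names, if UPX found" check described above, written in Python against the PE section table. The function names and the header-only sample images are constructed for illustration.

```python
import struct

def pe_sections(data: bytes):
    """Return [(name, virtual_size, raw_size), ...] from a PE section table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("no MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0" or len(data) < e_lfanew + 24:
        raise ValueError("no PE header")
    # COFF header sits right after the 4-byte signature.
    (count,) = struct.unpack_from("<H", data, e_lfanew + 6)      # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)  # SizeOfOptionalHeader
    table = e_lfanew + 24 + opt_size
    if len(data) < table + 40 * count:
        raise ValueError("truncated section table")
    sections = []
    for i in range(count):
        # Each 40-byte row starts with Name[8], VirtualSize, VirtualAddress, SizeOfRawData.
        name, vsize, _va, raw = struct.unpack_from("<8sIII", data, table + 40 * i)
        sections.append((name.rstrip(b"\0").decode("latin-1"), vsize, raw))
    return sections

def looks_upx(data: bytes) -> bool:
    """Section-name check from the post: any name starting with 'UPX'."""
    return any(name.startswith("UPX") for name, _, _ in pe_sections(data))

def sample_pe(sections):
    """Constructed header-only image for the demo; not a loadable executable."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0xE0, 0x102)
    rows = b"".join(
        struct.pack("<8sIIIIIIHHI", n.encode(), vs, 0, rs, 0, 0, 0, 0, 0, 0)
        for n, vs, rs in sections)
    return dos + b"PE\0\0" + coff + b"\0" * 0xE0 + rows

# Constructed sample images: one with UPX-style section names, one without.
PACKED = sample_pe([("UPX0", 0x8000, 0), ("UPX1", 0x4000, 0x3A00),
                    (".rsrc", 0x1000, 0x800)])
PLAIN = sample_pe([(".text", 0x1000, 0x1000), (".data", 0x400, 0x200)])

if __name__ == "__main__":
    for label, image in (("packed", PACKED), ("plain", PLAIN)):
        print(label, looks_upx(image), pe_sections(image))
```

Section names are free-form text that can be renamed after packing, so a missing "UPX" name does not show a file is unpacked.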
detten
Site Admin


Joined: 05 Feb 2005
Posts: 317

Posted: Fri Aug 08, 2008 1:02 pm

Isn't the UPX source code available on the web? You could have a look at how the "upx -d" option works.

http://upx.sourceforge.net/download/upx-3.03-src.tar.bz2 (C++)

Otherwise, take a look at this source code for some hints:

http://www.exetools.com/forum/showthread.php?t=1326 (MASM)

_________________
Ignorance is bliss, knowledge is power