
Thread: Upx unpack

  1. #1
    jamsb123

    Upx unpack

    Manual Unpacking of UPX

    Here are the standard steps involved in any unpacking operation:

    1. Debug the EXE to find the real OEP (Original Entry Point).
    2. At the OEP, dump the fully unpacked program to disk.
    3. Fix the Import Table.

    Based on the type and complexity of the packer, the unpacking operation may vary in terms of time and difficulty.

    UPX is a basic packer and serves as a great example for anyone who wants to learn unpacking.

    Here we will use OllyDbg to debug and unpack the UPX-packed EXE file. Although you can use any debugger, OllyDbg is one of the best ring 3 debuggers for reverse engineering, with its useful plugins.






    Let's start the unpacking operation:

    1. Load the UPX-packed EXE file into OllyDbg.
    2. Start tracing the EXE until you encounter a PUSHAD instruction. Usually this is the first instruction, or it will be present after the first few instructions, based on the UPX version.
    3. When you reach the PUSHAD instruction, set a hardware breakpoint (type 'hr esp-4' in the command bar) so as to stop at the POPAD instruction. This will help us stop the execution when the POPAD instruction is executed later on. The other way is to manually search for the POPAD (opcode 61) instruction and then set a breakpoint on it.
    4. Once you have set up the breakpoint, continue the execution (press F9).
    5. Shortly, it will break on the instruction immediately after POPAD, or on the POPAD instruction, based on the method you have chosen.
    6. Now start step-by-step tracing with F7, and soon you will encounter a JMP instruction which will take us to the actual OEP in the original program.
    7. When you reach the OEP, dump the whole program using the OllyDmp plugin (use default settings). It will automatically fix the Import Table as well.

    That is it, you have just unpacked UPX!
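
A static cross-check for the OEP reached with the debugger steps above, as an added example that is not part of the original post: it looks for PUSHAD at the entry point, then for a POPAD (opcode 61) followed by a `JMP rel32`, and reports where that jump lands. It is a byte-scan heuristic, not a disassembler; the function name, the 32-byte search window, the "jump must leave the stub's section" rule and the sample bytes are all assumptions made for this illustration.

```python
import struct

PUSHAD, POPAD, JMP_REL32 = 0x60, 0x61, 0xE9

def find_oep_candidate(stub, stub_rva, entry_rva, window=32):
    """Return the RVA targeted by the tail JMP after POPAD, or None.

    stub      -- raw bytes of the section that contains the entry point
    stub_rva  -- RVA where that section is mapped
    entry_rva -- AddressOfEntryPoint from the PE header
    window    -- how far past POPAD to look for the JMP (assumed value)
    """
    start = entry_rva - stub_rva
    if not 0 <= start < len(stub):
        return None
    try:
        # PUSHAD is the first instruction or follows the first few.
        pushad = stub.index(PUSHAD, start, start + 16)
    except ValueError:
        return None
    end = stub_rva + len(stub)
    for p in range(pushad + 1, len(stub)):
        if stub[p] != POPAD:
            continue
        for j in range(p + 1, min(p + 1 + window, len(stub) - 4)):
            if stub[j] != JMP_REL32:
                continue
            rel = struct.unpack_from("<i", stub, j + 1)[0]
            target = stub_rva + j + 5 + rel  # next instruction + offset
            # Assumption: the jump to the OEP leaves the stub's section;
            # jumps that stay inside it belong to the unpacking loop.
            if 0 <= target < stub_rva or target >= end:
                return target
    return None

# Constructed sample (not from a real binary): padding, PUSHAD, filler,
# a decoy POPAD+JMP that stays inside the stub, then POPAD ... JMP OEP.
STUB_RVA, ENTRY_RVA, OEP_RVA = 0x7000, 0x7010, 0x1234
_head = (bytes(16) + b"\x60" + b"\x90" * 8
         + b"\x61\xE9" + struct.pack("<i", -15) + b"\x90" * 4)
_tail = b"\x61\x8D\x44\x24\x80\x6A\x00\x39\xC4\x75\xFA\x83\xEC\x80\xE9"
SAMPLE = _head + _tail + struct.pack(
    "<i", OEP_RVA - (STUB_RVA + len(_head) + len(_tail) + 4))

if __name__ == "__main__":
    oep = find_oep_candidate(SAMPLE, STUB_RVA, ENTRY_RVA)
    print("no tail jump found" if oep is None else f"OEP candidate RVA: {oep:#x}")
```

If the reported RVA matches the address where the debugger stopped after the final JMP, the dump was taken at the right place.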
