Until now I'd purposely neglected to really mention 'packers' on my site as a common protection technique used by software authors. In fact it's still probably true to say that most authors remain ignorant of their existence or for whatever reason choose not to use them. However, it is my view that the skills of 'unpacking' and 'rebuilding' need to be mastered by any discerning 'newbie'. I've chosen a packer named "ASPack" as my target for this series of forays, which I hope will be instructive; the information here should hopefully enable you to 'spelunk' any packer you so choose.
ASPack is a shareware Windows-based 'packer' which compresses Win32 .exe & .dll files (PE format). It seems pretty efficient, getting close to PkZip's level of compression (not a very scientific comparison, I know). This extended project has 2 phases: the first involves unpacking a known quantity, the 2nd unpacking an unknown target. You could of course extend this to unpack ASPack itself.
Many thanks to cTT for inspiring me to write this.
HEX Editor (UltraEdit/Hiew recommended).
Matt Pietrek's PEDump (19k).
Memory dumping tool (SoftDump, ADump, IceDump).
ProcDump v1.3+ (for easy PE editing).
SoftICE v3.2x/v4.0.
W32Dasm or IDA.
1 'test' target.
http://www.entechtaiwan.com/aspack.htm - ASPack v1.08.03.
http://arn.hypermart.net - File/Folder Description Centre v3.6.0.0 (Phase 2).
Reference: Chapter 8, Matt Pietrek (Windows 95 System Programming Secrets).
Phase 1 - Beyond Compare v1.7c.
Phase 2 - File/Folder Description Center v3.6.0.0.