Exetools

Exetools (https://forum.exetools.com/index.php)
-   General Discussion (https://forum.exetools.com/forumdisplay.php?f=2)
-   -   Probs with unpacked Aspack files (https://forum.exetools.com/showthread.php?t=3453)

TheDutchJewel 02-18-2004 05:35
Probs with unpacked Aspack files
 
Normally I unpack Aspack protected files with AspackDie. But when I pack them
again with ASPack, some of them don't show there icon in the explorer anymore.
So I unpacked a few progs with Olly and lownoise' Aspack script, dumped them
with LordPE/ProcDump and rebuild the dumps with Import REConstructor (I used
OEP where Olly landed, and IAT AutoSearch).

When disassembling this fixed dumps in W32Dasm, I allways get this message:
Quote:
This PE File is not in Standard Windows Format.
All Data References will be terminated.
Programs run fine and disassembling with IDA works fine too, but I think this
could be better. Someone has an idea about what I did wrong?

r3L4x 02-18-2004 08:09
i unpacked my first aspacked file manually last night by folowing this tut by R@ider and it disassembles in w32dasm just fine...

check this out, it might help
/http://www.exetools.com/forum/showthread.php?s=&threadid=2728

TheDutchJewel 02-18-2004 13:53
Thanks for reply, r3L4x. I read R@dier's great tute, unpacked the Unpackme
Aspack 2.12 .exe, dumped it, rebuild it and cleaned it up as written in the
tute. But I got still the same error in W32Dasm:
Quote:
This PE File is not in Standard Windows Format.
All Data References will be terminated.
It seems something gets wrong, but what and why?

hobgoblin 02-18-2004 15:10
well
 
hi there,
Try to set LordPE to only validate when you use the rebuild function. Sometimes when you tell LordPE to realign and do some other "fancy" rebuilding stuff, you will get errors. If this doesn't solve it, you should check oit the header of the file. Maybe you got some errors there.

regards,
hobgoblin

TheDutchJewel 02-18-2004 17:40
Hi hobgoblin. :)

Only validate didn't solve the prob. And in the file header I can't find some
errors.

It's strange, but when I unpack Unpackme Aspack 2.12.exe with AspackDie,
then I get no error in W32Dasm. It's only when dumping from Olly (both in Olly
1.09d and 1.10 step 1, and no matter if I use Ollydump/LordPE or ProcDump).
Maybe it are the ImpRec settings?
hxxp://thedutchjewel.netfirms.com/imprec.jpg

[Edit by JMI: I know it's your site, but we discourage ALL clickable links OUTSIDE the Forum because the noobies can't stop themselves from posting clickable links to software vendors..]

MaRKuS-DJM 02-18-2004 21:34
if you use the small patch from bratalarm (bratpatch 3), W32Dasm will disassemble it correct.

TheDutchJewel 02-18-2004 22:56
Thanks MaRKuS.

After using bratpatch 3, W32Dasm now shows Strings Date Reference. But a lot of them contains corrupted characters while IDA shows them right. So it's seems the dump isn't still as good as it should be...


All times are GMT +8. The time now is 21:35.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2026, vBulletin Solutions, Inc.
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX