Dumping protected DLL 'perplex' data section
 

Been out of the reverse engineering picture for a while and decided to get back into it as there is an app which I use that is missing some functions ;) I'm working the apps DLL which is packed using an Unknown packer (at least to me) It has a data section called 'perplex' which I seem to remember indicates that this has been packed with ACProtect/UltraProtect. Can anyone confirm this?

Also I'm using ollydbg as I couldn't get softice to install on XP sp2 grrr and didn't feel like going back to 98. I was wondering if there was anything I should be looking out for when unpacking ACprotect/UltraProtect - I have Hide Debugger v1.2 and Ollydump installed... anything else?

TIA

grimm

http://www.exetools.com/forum/showthread.php?t=6148

http://www.exetools.com/forum/showthread.php?t=6774

And watch out for that JMI fellow, he'll tell you to stop being so darn lazy and to use the SEARCH function both here and on the net before you ask a question that may have been already answered. ;) There is also information here and on the net about getting Softice to function on SP2.

Regards,

Sorry have been away from my machine so haven't been able to respond.

The search function? I can't see one on the exetools boards... not in Quick Links or Thread Tools. I'm using Firefox if that makes a difference?

I wasn't being toooo lazy... I tried searching google with different combinations of 'perplex', 'rdata', 'data' etc and only found one relevant page: http://www.pediy.com/bbshtml/BBS6/pediy6922.htm but as I don't understand the language it was pretty tough to decipher ;)

Thanks for the links. I shall get on and unpack this thing!

grimm