Exetools  

  #1  
Old 07-14-2018, 04:30
niculaita
Open the software, open MegaDumper for .NET apps, dump the files, or upload the exe. If a dongle or card is used, we cannot help you too much without them.
__________________
Decode and Conquer
  #2  
Old 07-14-2018, 05:25
DavidXanatos
Quote:
Originally Posted by niculaita
Open the software, open MegaDumper for .NET apps, dump the files, or upload the exe. If a dongle or card is used, we cannot help you too much without them.

Both tools are available for download...

The good one, but also the one with the newer version of protection, can be run without a license, but then the best functions are not available.

The other one can be run for free, although with an often-appearing, annoying nag screen, and it's by far not as good as the first one.

Hence, if possible, I would like to get a look inside the first one; the second one is kind of plan B.

There are a couple of things I want to find out:

One is, as mentioned, the lists of files and reg keys for each component which can be removed. (These are the most interesting part I think; both tools have slightly different collections of components, hence they probably have been manually generated at some point in time.)

The other thing is that some of the lists are generated from the mounted installation image; here I would like to know how to load those oneself (although at least for some I have somewhat of an idea how it's done).

Things like the Provisioned apps can be enumerated and also removed using dism commands.
I assume the list of drivers to be removed is also generated on the fly, most likely just by parsing all the *.inf files.

But things like telemetry, error reporting, SmartScreen, Windows Defender or Cortana a.k.a. Windows Search cannot be removed this way; instead one needs to know which files and registry entries to remove by hand.


The hard way to find out that information would be to run the tools always with only one option selected and then diff the resulting installation images; even though that could be automated, it would probably take forever.
So I take it as a good opportunity to learn some reverse engineering. I hadn't expected both tools to be equipped with anti-debugging techniques, though. Well... more opportunity to learn something new, I guess.

David X.

Last edited by DavidXanatos; 07-20-2018 at 22:36.
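
Added example, not part of the thread and not taken from either tool: one way to build a driver list from a mounted image by reading the [Version] section of each *.inf file, which is what post #2 assumes the tools do. The function names and the sample INF are constructed for illustration; the parser handles only simple key = value lines and treats every ';' as the start of a comment.

```python
import codecs
from pathlib import Path

def decode_inf(raw: bytes) -> str:
    """INF files are commonly UTF-16 with a BOM; otherwise treat them as 8-bit text."""
    if raw.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        return raw.decode("utf-16")
    return raw.decode("utf-8-sig", errors="replace")

def parse_sections(text: str) -> dict:
    """Return {section: {key: value}} with lower-cased section and key names."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # simplification: ';' starts a comment
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip().strip('"')
    return sections

def driver_info(raw: bytes) -> dict:
    """Extract class, provider and version, resolving %token% via [Strings]."""
    sections = parse_sections(decode_inf(raw))
    version, strings = sections.get("version", {}), sections.get("strings", {})

    def resolve(value: str) -> str:
        if len(value) > 2 and value.startswith("%") and value.endswith("%"):
            return strings.get(value[1:-1].lower(), value)
        return value

    return {k: resolve(version.get(k, "")) for k in ("class", "provider", "driverver")}

def inventory(root: str) -> dict:
    """Map every *.inf under root (e.g. a mounted image directory) to its driver info."""
    return {str(p): driver_info(p.read_bytes()) for p in sorted(Path(root).rglob("*.inf"))}

# Constructed sample INF, encoded as UTF-16 with a BOM.
SAMPLE = (
    "; constructed sample\r\n"
    "[Version]\r\n"
    'Signature = "$WINDOWS NT$"\r\n'
    "Class = Net ; device setup class\r\n"
    "Provider = %Mfg%\r\n"
    "DriverVer = 01/02/2018,1.2.3.4\r\n"
    "[Strings]\r\n"
    'Mfg = "Example Vendor"\r\n'
).encode("utf-16")

if __name__ == "__main__":
    print(driver_info(SAMPLE))
```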
All times are GMT +8. The time now is 20:06.