Unpack
I'm not an expert on packers, so don't take this as the definitive gospel; I've probably only studied 5-10
examples at the most, just to ensure I could unpack them if need be (excluding the HASP envelope).
Here's a checklist you ought to run through before considering unpacking.
i) Knowledge of the PE file format (used by all Win32 OSes) is essential. Microsoft's site provides some
general information. I recommend these 2 articles (45k); the one by Randy Kath is the Microsoft-approved
text. The omnipresent Matt Pietrek has also written some good articles (not least his book).
For a limited time only you can get your very own OCR'd copy of Windows System Programming Secrets
at NeuRaL_NoiSE's site.
ii) Knowledge of SEH (Structured Exception Handling) is required; read this article by Jeremy Gordon and
download the example file except32.zip. Have a look too at these brief SEH notes (22k).
v) A PE dump utility. Borland's TDUMP or Matt Pietrek's PEDump are recommended, even QuickView
included with Windows can be adequate.
vi) A hex editor with good cut/copy & paste facilities. I like UltraEdit, but Hex Workshop or Hiew will also
do. You'll also require a memory dumping tool (IceDump or SoftDump).
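To make items i) and v) concrete, here is an added example (not from the original text and not the code of TDUMP or PEDump) that reads the PE header fields a dump utility reports: entry point, image base, and the section table. The function names and the two-section sample header are constructed for illustration.

```python
import struct

SEC = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER layout, 40 bytes

def dump_pe(data: bytes) -> dict:
    """Return entry point, image base and section table of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # IMAGE_FILE_HEADER (20 bytes) follows the 4-byte PE signature
    _, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    (magic,) = struct.unpack_from("<H", data, opt)
    (entry_rva,) = struct.unpack_from("<I", data, opt + 16)
    if magic == 0x10B:      # PE32: 32-bit ImageBase at +28
        (image_base,) = struct.unpack_from("<I", data, opt + 28)
    elif magic == 0x20B:    # PE32+: 64-bit ImageBase at +24
        (image_base,) = struct.unpack_from("<Q", data, opt + 24)
    else:
        raise ValueError("unknown optional header magic")
    sections = []
    for i in range(nsec):   # section table starts right after the optional header
        name, vsize, vaddr, rsize, rptr, *_, flags = struct.unpack_from(
            SEC, data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vaddr": vaddr, "vsize": vsize, "rsize": rsize,
                         "rptr": rptr, "flags": flags})
    # Name of the section whose virtual range contains the entry point RVA
    entry_sec = next((s["name"] for s in sections
                      if s["vaddr"] <= entry_rva < s["vaddr"] + max(s["vsize"], s["rsize"])), None)
    return {"entry_rva": entry_rva, "image_base": image_base,
            "entry_section": entry_sec, "sections": sections}

def build_sample() -> bytes:
    """Constructed PE32 headers only (no code or data), for demonstration."""
    dos = b"MZ" + bytes(58) + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    fhdr = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)               # PE32 magic
    struct.pack_into("<I", opt, 16, 0x6000)             # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)           # ImageBase
    secs = struct.pack(SEC, b".text", 0x5000, 0x1000, 0, 0, 0, 0, 0, 0, 0xE0000020)
    secs += struct.pack(SEC, b".stub", 0x1000, 0x6000, 0x800, 0x400, 0, 0, 0, 0, 0xE0000020)
    return dos + b"PE\0\0" + fhdr + bytes(opt) + secs

if __name__ == "__main__":
    info = dump_pe(build_sample())
    print(f"entry {info['image_base'] + info['entry_rva']:#x} in {info['entry_section']}")
    for s in info["sections"]:
        print(f"{s['name']:8} va={s['vaddr']:#x} vsize={s['vsize']:#x} raw={s['rsize']:#x}")
```

In the constructed sample the first section has no raw data on disk and the entry point falls in the second section, which is the kind of detail the section table makes visible at a glance.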