PE Explorer Feature Tour |
Upack UNPACKER PLUG-IN

Automatic Upack (WinUpack) Unpacking

PE Explorer ships with the Upack Unpacker plug-in, a start-up processing plug-in for unpacking files compressed with Upack or WinUpack. All versions of Upack are supported. Upack is a packer similar to UPX, but it uses LZMA compression and is designed with a focus on anti-unpacking.

The Upack Unpacker re-creates an executable file in its original form, as it was before packing, so that you can perform static analysis on the unpacked data. When you open a file with PE Explorer, the Upack Unpacker plug-in checks whether it is compressed with Upack and, if so, unpacks it automatically. The resulting file is also saved in its unpacked form. Note that PE Explorer does not re-pack previously packed files back to their exact original size.

Reversing Worms and Trojans Packed with Upack

Many authors of malicious software use Upack to further reduce the size of the exploit so that it is more flexible and can fit into smaller places. Before analyzing such malware, you need to determine whether a packer is present. The Upack Unpacker reports its progress as messages in the bottom log pane.

Once the file has been opened and unpacked, you can continue with import analysis in the EXE Import Viewer, then examine all referenced text strings and function calls in the Disassembler. You can rapidly analyze the procedures and libraries a malware executable uses without ever running the executable itself, a great advantage over debuggers, where malicious code must be executed in order to be analyzed.

Write Your Own Custom Plug-ins

The Upack Unpacker plug-in unpacks only files compressed with Upack. Consult the PE Explorer help for the plug-in API: you can write your own custom start-up processing plug-in for handling encrypted files or unpacking files compressed with other packers. Using the Plug-in Manager (menu Tools | Plug-in Manager), you can set the priority in which plug-ins are executed.

Within the PE Explorer directory there must be a subdirectory named PLUGINS. All plug-ins (DLLs) should be placed in this folder. The plug-in API will be extended in the future, so when writing custom plug-ins, pay special attention to the remarks in the description of Functions and Types (see the product help file) and abide by them. Following these guidelines will keep your code compatible with future versions of PE Explorer and Resource Tuner. The plug-in API documentation can be found within the PE Explorer or Resource Tuner packages.
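As an added, defender-side illustration of the "is a packer present?" check mentioned above (example code, not the Upack Unpacker's own detection logic, which the page does not document): the Python below parses the section table of a PE image and flags sections with high byte entropy, a common indicator of compressed or encrypted content. The sample PE is constructed in memory and is not a real packed file.

```python
import hashlib
import math
import struct

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for constant data, close to 8.0 for compressed or encrypted data."""
    if not data:
        return 0.0
    n = len(data)
    probs = [data.count(b) / n for b in set(data)]
    return -sum(p * math.log2(p) for p in probs)

def pe_sections(pe: bytes):
    """Yield (name, raw bytes) per section. Assumes a standard header layout; collapsed or overlapping headers need a more defensive parser."""
    if pe[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ signature")
    e_lfanew, = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    num_sections, = struct.unpack_from("<H", pe, e_lfanew + 6)
    opt_size, = struct.unpack_from("<H", pe, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size  # section table follows the optional header
    for i in range(num_sections):
        hdr = pe[table + 40 * i: table + 40 * (i + 1)]
        name = hdr[:8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", hdr, 16)  # SizeOfRawData, PointerToRawData
        yield name, pe[raw_ptr: raw_ptr + raw_size]

def packer_indicators(pe: bytes, threshold: float = 7.0) -> list:
    """Names of sections whose entropy exceeds threshold: a hint, not proof, that the file is packed."""
    return [name for name, data in pe_sections(pe) if shannon_entropy(data) > threshold]

def build_sample_pe(sections) -> bytes:
    """Construct a minimal PE skeleton (headers plus raw section data, not loadable) for testing."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)
    ptr = e_lfanew + 24 + 40 * len(sections)  # raw data starts right after the section table
    table, blobs = b"", b""
    for name, data in sections:
        table += struct.pack("<8sIIII", name, len(data), 0x1000, len(data), ptr) + b"\0" * 16
        blobs += data
        ptr += len(data)
    return dos + coff + table + blobs

# Constructed sample: repetitive plain "code" next to a high-entropy blob standing in for packed data.
TEXT = b"push ebp; mov ebp, esp; sub esp, 0x10; ret\n" * 100
PACKED = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
SAMPLE_PE = build_sample_pe([(b".text", TEXT), (b".pack", PACKED)])
```

High entropy is a reason to look for a packer, not an identification of one; naming the packer (as the plug-in does for Upack) still requires format-specific checks.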