Reverse Engineering b10g | REM

hi

Generic unpacker support 92 packers

aUS [Advanced UPX Scrambler] 0.4 – 0.5
ASPack 1.x – 2.x
AHPack 1.x
AlexProtector 1.x
ARMProtector 0.x
BJFNT 1.3
BeRoEXEPacker 1.x
CryptoPeProtector 0.9x
CodeCrypt 0.16x
dot Fake Signer 3.x
dePack
eXPressor 1.2.x – 1.5.x
EZip 1.0
EP Protector 0.3
Escargot 0.x
EXEStealth 2.x
FSG 1.xx & 2.0
Goat’s PE Mutilator 1.6
hmimys-Packer 1.x
HidePX 1.4
HidePE 2.1
JDPack 1.x
JDProtect 0.9
KByS Packer 0.2x
Krypton 0.x
LameCrypt 1.0
MEW 1.x
nSPack 2.x – 3.x
nPack 1.x
NeoLite 1.x – 2.0
NWCC
OrIEN 2.1x
PECompact 1.x – 2.x
PeX 0.99
PC Shrink 0.71
Polyene 0.01
PackMan 0.0.0.1 & 1.0
PE Diminisher 0.1
PolyCrypt PE 2.1.5
PeTite 1.x
PEStubOEP 1.6
PELockNT 2.x
PePack 1.0
PC PE Encryptor alpha
PackItBitch
PEncrypt 4.0
PEnguinCrypt 1.0
PeLockNt 2.x
PeLock 1.0x
Perplex PE-Protector 1.x
PKLITE32 1.x
RLP 0.6.9 – 0.7.x
RLPack Basic Edition 1.x
RLPack Modifier Edition 1.x
ReCrypt 0.15 – 0.80
Stone`s PE Encryptor 2.0
StealthPE 2.1
Software Compress 1.x
SPLayer 0.08
ShrinkWarp 1.4
SPEC b3
SmokesCrypt 1.2
Simple UPX-Scrambler
SimplePack 1.x
SLVc0deProtector 1.x
tELock 0.x
UPX 0.8x – 2.x
UPXRedir
UPXCrypt
UPX Inkvizitor
UPXFreak 0.1
UPolyX 0.x
UPXLock 1.x
UG Chruncher 0.x
UPX-Scrambler RC 1.x
UPX Protector 1.0x
UPXShit 0.06 & 0.0.1
UPXScramb 2.x
VirogenCrypt 0.75
WWPack32 1.x
WinUPack 0.2x – 0.3x
Winkript 1.0
yC 1.x
yZPack 1.x – 2.x
32Lite 0.3a
!EP (ExE Pack) 1.x
[G!X]`s Protector 1.2

Unpacker for Petite 2.1 and 2.2 coded by mirz .

What’s new in version 0.2b:

- I corrected verification of signature ( now it should work fine )
; ? = 2 bajty
;[PEtite v2.1=B8????6A?68????64FF35????648925????669C6050]
;[PEtite v2.2=B8????68????64FF35????648925????669C6050]
- I corrected reconstruction of import symbols

( Now it rebuilds such functions as LeaveCriticalSection etc. )
- unpack dll
- new dialog box
- manifest.xml is from MSDN library.

I tested him on several programs packed by me.

How unpetite 0.2b work:
(files *.exe)
1. run program
2. It stops on access violation
3. then it searches jump to OEP
4. rebuild import symblos
5. dump and save file as unpacked.exe

(files *.dll)
1. ntdll.KiUserException is patched
2. loading of dll
3. It stops on access violation
4. then it searches jump to OEP and reconstruction of ntdll.KiUserException
5. rebuild import symblos
6. dump and save file as unpacked.dll

All notes, problems and errors send under address e-mail mirz@o2.pl .
Don’t forget, that program can have some errors else:)

Some programs, which was using for tests:

- xmplay (thx bart)
- Cruehead Crackme1
- hexedit Geoffrey Prewett
- Lit 1.21 Marek Szyku翅
- RegCleaner4.3 by Juoni Vuorio
- CloneCD 5.2.6.1
- Winamp 5.08d
- WinIso v5.3
- WinRar 3.4