SND

UPX - Tips and Tricks

1 post in this topic

Every reverse engineering guy stumbles upon UPX once.

UPX is mostly used for native executables or library files, where you can choose various packing options such as BRUTE or BEST etc.

Once a file has been packed with UPX, UPX will write a header into the file. Tools like PEiD or Protection ID detect that and notify you that this file was UPX-packed.

Then you can easily use "-d" on upx.exe to DECOMPRESS / UNPACK the packed file back to its "original" state, BUT (!) there is a trick to prevent some noobs from doing that with your file!

You can hex edit that UPX header and just hex edit the information out. Resave the file and there you have a UPX-packed file that cannot easily be unpacked with upx.exe anymore.

I know two ways to unpack the file again even with this trick:

- PE Explorer UPX Plugin (automatically unpacks the file even with a hexed header)

- Manual unpacking (requires time, brain and knowledge. Or a YouTube video)

Hope that helps

3 people like this
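A triage check for the header edit described in the post above, as an added example that is not part of the original post: it reads the PE section table and looks for the default UPX section names and the `UPX!` pack-header magic, flagging files where only some of the markers survive. The function names, the constructed sample images and the "empty first section" heuristic are assumptions made for this illustration.

```python
import struct

UPX_MAGIC = b"UPX!"                       # magic that opens UPX's pack header
UPX_NAMES = {b"UPX0", b"UPX1", b"UPX2"}   # default UPX section names

def pe_sections(data):
    """Return [(name, virtual_size, raw_size)] from the PE section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    pe = struct.unpack_from("<I", data, 0x3C)[0]            # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    nsec, opt_size = struct.unpack_from("<H12xH", data, pe + 6)
    table = pe + 24 + opt_size                              # first section header
    out = []
    for i in range(nsec):
        name, vsize, _va, rsize = struct.unpack_from("<8sIII", data, table + 40 * i)
        out.append((name.rstrip(b"\0"), vsize, rsize))
    return out

def classify(data):
    secs = pe_sections(data)
    names = any(n in UPX_NAMES for n, _, _ in secs)
    magic = UPX_MAGIC in data
    # Heuristic (assumption): UPX's first section holds no data on disk and is
    # filled at run time. Other packers share this layout, so it is a hint only.
    empty_first = len(secs) >= 2 and secs[0][2] == 0 and secs[0][1] > 0
    if names and magic:
        return "upx"                     # markers intact, "upx -d" should work
    if names or magic or empty_first:
        return "suspect-upx-tampered"    # some markers edited out
    return "no-upx-markers"

def sample_pe(sections, magic):
    """Constructed minimal PE header for the demo (not a runnable executable)."""
    blob = b"MZ" + b"\0" * 58 + struct.pack("<I", 64) + b"PE\0\0"
    blob += struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)
    for i, (name, raw) in enumerate(sections):
        blob += struct.pack("<8sIIII", name, 0x1000, 0x1000 * (i + 1), raw, 0x400)
        blob += b"\0" * 16
    return blob + magic + b"\0" * 32

if __name__ == "__main__":
    packed = [(b"UPX0", 0), (b"UPX1", 0x200)]
    print(classify(sample_pe(packed, b"UPX!")))        # intact header
    print(classify(sample_pe(packed, b"\0\0\0\0")))    # magic hexed out
```

A "suspect-upx-tampered" result is the case where `upx -d` is expected to refuse the file and one of the two unpacking routes listed in the post is needed.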
