Quick Unpack v2.0 Final
At last I decided to release 2.0 final. Maybe there are still several bugs left but that what support is needed for In plans for future I want to change the engine for something astonishing (not sure if it will be public) and to make existing OEP-finders also work with DLLs. So stay tuned
v2.0 final
[!] fixed many bugs like missed import functions
[!] fixed several driver bugs like the one which didn't allow to pass some exceptions
[!] improved export feature now supports invalid functions
[!] many improvements (like 256x256 icon for Vista, thanks to Feuerrader ) and optimizations (like better memory handling)
[!] now Force.dll doesn't use GenOEP.dll, though some code was borrowed
[+] added so long-waited ability to use scripts. before using scripts it's strongly recommended to read the manual (Scripts.eng.txt file). script examples may be taken from Scripts folder (*.lua files), scripting language LUA manual also can be found there (LUA Manual.html), which parser was embedded in the program. BTW I know that Step button doesn't work like a charm but I wasn't able to make it better
[+] passing parameters to the application added
[+] import list from imprec feature added (now Quick Unpack supports both export and import of import functions in imprec-compatible files this allows to edit some functions or add new ones. keep in mind this option works with normally created files but if you put some garbage or format this file in unusual manner this may cause crash I was too lazy to parse the file with care)
[+] attach process feature added (this option allows to choose any module in a process for unpacking and has some features. if in processes listbox a process name is a full path with name you can attach to this process. if it is only name of the file you don't have enough rights to attach. you can't specify the OEP, the instruction the program was stopped is treated as the OEP. to use attach process feature one should load the program in any debugger and manually get to the OEP, when attach to that process with Quick Unpack. keep in mind that for smart import recovery you don't need the program to run, it can just be left in the debugger standing at the breakpoint. but to use smart import recovery with tracer you should put it in the infinite loop (EB FE) and run the program because the tracer uses current thread for tracing. if the program was put in the infinite loop don't forget to restore these two bytes in the dump. when attached tracing import is unreliable and very slow, so it's not recommended to use it). this feature allows to use Quick Unpack as a dumper and import recoverer (my attempt to replace PETools and ImpRec with one program )
[+] imprec plugin support added (this feature allows to use imprec tracer plugins in Quick Unpack to restore import functions. keep in mind when using attach to process feature the program must be run for the tracer to work)
[+] added UsAr's generic OEP finder. I modified it a bit
[+] added Human's generic OEP finder. I modified it a bit
[+] added deroko's generic OEP finder. I modified if a bit and took the GUI from Human's generic OEP finder. it's sometimes slow but rather powerful and be warned that this finder uses driver and the driver is unloadable till next reboot. uses deroko's Dream of every reverser engine so incompatible with win2k3 and kaspersky. for more information about this engine visit http://deroko.phearless.org
[-] no more old non-generic OEP finders
Download:
http://qunpack.ahteam.org/wp-content/uploads/2007/09/qunpack20.zip
Mirrors: http://www.hacker.com.cn/down/view_14702.html
Info: http://www.3800hk.com/Soft/zhly/19567.html
http://www.hacker.com.cn/down/view_14702.htm
http://www.0wei.com/thread-23679-1-1.html
Quick Unpack 2.0 final for Windows 2000/XP/2003/Vista
(c) stripper engine by syd
founded by FEUERRADER [AHTeam]
(c) coded by Archer
19:35:56 - Opened utorrent 1.7.5_fake2x_leecher.exe
Quick self analyze.... PECompact 2.xx
PESniffer EP Scan: PECompact v2.xx
PEiD scanning... PECompact 2.x -> Jeremy Collake
if 2 difficult: Unpecomp2.exe
so some mods can look and see now that the files there and in history by all known coders do not have any call homes integrated/added but in the original uT/bT the stats.domain.com is disappeared in the later builds or we are all blind and do not more found it since all builds beginning from late August.
apple juice, eMule.0.48a.Titandonkey.v4.11-Bin, eMule.0.48a.Razorback3.Next.Generation.v4.11, eMule.v0.48a.Wikinger-Mod, sun power,... and the rest of apple juice
based ExeStealth V2.76 to prepare plugin required.
copy OEPFinders files from the older version in addition for full support of known unpacking types
more tools:
Homepage: http://qunpack.ahteam.org/
http://www.hacker.com.cn/down/list_232.html
v2.0 final
[!] fixed many bugs like missed import functions
[!] fixed several driver bugs like the one which didn't allow to pass some exceptions
[!] improved export feature now supports invalid functions
[!] many improvements (like 256x256 icon for Vista, thanks to Feuerrader ) and optimizations (like better memory handling)
[!] now Force.dll doesn't use GenOEP.dll, though some code was borrowed
[+] added so long-waited ability to use scripts. before using scripts it's strongly recommended to read the manual (Scripts.eng.txt file). script examples may be taken from Scripts folder (*.lua files), scripting language LUA manual also can be found there (LUA Manual.html), which parser was embedded in the program. BTW I know that Step button doesn't work like a charm but I wasn't able to make it better
[+] passing parameters to the application added
[+] import list from imprec feature added (now Quick Unpack supports both export and import of import functions in imprec-compatible files this allows to edit some functions or add new ones. keep in mind this option works with normally created files but if you put some garbage or format this file in unusual manner this may cause crash I was too lazy to parse the file with care)
[+] attach process feature added (this option allows to choose any module in a process for unpacking and has some features. if in processes listbox a process name is a full path with name you can attach to this process. if it is only name of the file you don't have enough rights to attach. you can't specify the OEP, the instruction the program was stopped is treated as the OEP. to use attach process feature one should load the program in any debugger and manually get to the OEP, when attach to that process with Quick Unpack. keep in mind that for smart import recovery you don't need the program to run, it can just be left in the debugger standing at the breakpoint. but to use smart import recovery with tracer you should put it in the infinite loop (EB FE) and run the program because the tracer uses current thread for tracing. if the program was put in the infinite loop don't forget to restore these two bytes in the dump. when attached tracing import is unreliable and very slow, so it's not recommended to use it). this feature allows to use Quick Unpack as a dumper and import recoverer (my attempt to replace PETools and ImpRec with one program )
[+] imprec plugin support added (this feature allows to use imprec tracer plugins in Quick Unpack to restore import functions. keep in mind when using attach to process feature the program must be run for the tracer to work)
[+] added UsAr's generic OEP finder. I modified it a bit
[+] added Human's generic OEP finder. I modified it a bit
[+] added deroko's generic OEP finder. I modified if a bit and took the GUI from Human's generic OEP finder. it's sometimes slow but rather powerful and be warned that this finder uses driver and the driver is unloadable till next reboot. uses deroko's Dream of every reverser engine so incompatible with win2k3 and kaspersky. for more information about this engine visit http://deroko.phearless.org
[-] no more old non-generic OEP finders
Download:
http://qunpack.ahteam.org/wp-content/uploads/2007/09/qunpack20.zip
Mirrors: http://www.hacker.com.cn/down/view_14702.html
Info: http://www.3800hk.com/Soft/zhly/19567.html
http://www.hacker.com.cn/down/view_14702.htm
http://www.0wei.com/thread-23679-1-1.html
Quick Unpack 2.0 final for Windows 2000/XP/2003/Vista
(c) stripper engine by syd
founded by FEUERRADER [AHTeam]
(c) coded by Archer
19:35:56 - Opened utorrent 1.7.5_fake2x_leecher.exe
Quick self analyze.... PECompact 2.xx
PESniffer EP Scan: PECompact v2.xx
PEiD scanning... PECompact 2.x -> Jeremy Collake
if 2 difficult: Unpecomp2.exe
so some mods can look and see now that the files there and in history by all known coders do not have any call homes integrated/added but in the original uT/bT the stats.domain.com is disappeared in the later builds or we are all blind and do not more found it since all builds beginning from late August.
apple juice, eMule.0.48a.Titandonkey.v4.11-Bin, eMule.0.48a.Razorback3.Next.Generation.v4.11, eMule.v0.48a.Wikinger-Mod, sun power,... and the rest of apple juice
based ExeStealth V2.76 to prepare plugin required.
copy OEPFinders files from the older version in addition for full support of known unpacking types
more tools:
Homepage: http://qunpack.ahteam.org/
http://www.hacker.com.cn/down/list_232.html
I love uT EdiTion no Installer