Product Name: PE Explorer
Version: 1.99 R4
Release Date: July 28, 2008
Requirements: Intel Pentium with 16 MB RAM (or higher)
Platforms: Windows 98, ME, NT4, 2000, XP, 2003, Vista
Price: $129 (Personal License), $229.95 (Business License)

UPX Unpacker Plug-in

PE Explorer ships with the UPX Unpacker plug-in, a start-up processing plug-in for unpacking files compressed with UPX by Oberhumer & Molnar (see http://upx.sourceforge.net). All versions of UPX are supported, from the obsolete early versions (prior to 0.80) up to the latest version 2.0.

In addition, PE Explorer now supports files modified with many UPX scramblers such as Advanced UPX Scrambler, UPoLyX, UPX Lock, and more.

Now you can open files compressed with UPX without even knowing that they are compressed!

When you open a file with PE Explorer, the UPX Unpacker plug-in detects whether the file is packed with UPX and, if so, unpacks it automatically. The resulting file is also saved unpacked: PE Explorer does not re-pack previously packed files. That is why the file may be larger than the original after you save the executable WITHOUT making ANY changes to it in PE Explorer.

The UPX Unpacker displays its messages in the bottom log window. Always check the bottom log window for details.

Unpacking Malicious Software

The UPX Unpacker plug-in also works on packed malware executables. It can handle a file that was packed with UPX and then modified manually so that UPX itself can no longer unpack it because internal structures have been changed: for example, the section names have been changed from UPX to XYZ, or the version number of the UPX format has been changed from 1.20 to 3.21. Malware authors often use this technique to make unpacking and reverse engineering harder.

Previously, you had to run the executable and dump the packed segments right after the executable had been completely unpacked in memory. Now you can open these obfuscated files without even knowing that they are obfuscated: your file will be unpacked automatically!

The UPX Unpacker attempts to recover a file even when an original PE file header entry is no longer available after unpacking. Previously, losing the PE file header rendered the executable completely inoperable and unrepairable. Now you have a good chance of analyzing packed malware executables and extracting hidden data.
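Renaming sections from UPX to XYZ changes the names but not the section layout. As an added example (not PE Explorer's code and not its detection method), the Python below flags the usual UPX section shape whatever the sections are called. The heuristic, the function names, and the headers-only sample images are assumptions constructed for illustration.

```python
import struct

RWX = 0x20000000 | 0x80000000   # IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_WRITE

def parse_sections(data):
    """Return (entry point RVA, list of section dicts) from a PE32 header."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    pe, = struct.unpack_from("<I", data, 0x3C)             # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF header: NumberOfSections and SizeOfOptionalHeader are what we need.
    _, count, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe + 4)
    entry, = struct.unpack_from("<I", data, pe + 24 + 16)  # AddressOfEntryPoint
    sections = []
    for i in range(count):
        name, vsize, va, rsize, _, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", data, pe + 24 + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"),
                         "vsize": vsize, "va": va, "rsize": rsize, "flags": flags})
    return entry, sections

def looks_upx_layout(data):
    """True if the section layout matches the usual UPX shape, whatever the names."""
    entry, secs = parse_sections(data)
    if len(secs) < 2:
        return False
    first = secs[0]
    # Placeholder for the unpacked image: no bytes on disk, writable and executable.
    hollow = first["rsize"] == 0 and first["vsize"] > 0 and (first["flags"] & RWX) == RWX
    # Entry point sits in a later writable and executable section (the stub).
    stub = any(s["va"] <= entry < s["va"] + s["vsize"] and (s["flags"] & RWX) == RWX
               for s in secs[1:])
    return hollow and stub

def make_header(sections, entry):
    """Constructed headers-only PE32 image for the demo, not a real binary."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x102)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, entry).ljust(224, b"\0")
    table = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, va, rs, 0x400, 0, 0, 0, 0, fl)
                     for n, vs, va, rs, fl in sections)
    return dos + b"PE\0\0" + coff + opt + table

# Constructed samples: a renamed UPX-style layout and an ordinary two-section file.
RENAMED = make_header([(b"XYZ0", 0x8000, 0x1000, 0, 0xE0000080),
                       (b"XYZ1", 0x4000, 0x9000, 0x3A00, 0xE0000040)], entry=0xC5F0)
PLAIN = make_header([(b".text", 0x3000, 0x1000, 0x3000, 0x60000020),
                     (b".data", 0x1000, 0x4000, 0x200, 0xC0000040)], entry=0x1200)
```

A match is a triage signal that the file deserves unpacking and closer inspection, not proof of UPX: other packers produce a similar layout.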

Known Limitations

The UPX Unpacker plug-in unpacks only files compressed with UPX. Consult the PE Explorer help for the plug-in API: you can write your own custom start-up processing plug-in for handling encrypted files and unpacking packed files.

1. Win32/PE files only.
2. The compressed files must have their original PE header.
3. NRV2B_LE32, NRV2D_LE32, and NRV2E_LE32 compression methods only.
