Unpacker for Microsoft EXEPACK utility compressor.
+--------------------------+
| EXEPACK HEADER |
+--------------------------+
| UNPACKER STUB |
+--------------------------+
| Error string |
| "Packed file is corrupt" |
+--------------------------+
| RELOCATION TABLE |
+--------------------------+
Header format:
+ 0x00 : REAL_IP [WORD] // Original initial IP value
+ 0x02 : REAL_CS [WORD] // Original initial (relative) CS value
+ 0x04 : MEM_START [WORD] // Start of executable in memory : not used by the unpacker
+ 0x06 : EXEPACK_SIZE [WORD] // sizeof (EXEPACK HEADER) + unpacker stub length + strlen(ERROR_STRING) + relocation table length
+ 0x08 : REAL_SP [WORD] // Original initial SP value
+ 0x0A : REAL_SS [WORD] // Original initial (relative) SS value
+ 0x0C : DEST_LEN [WORD] // Unpacked data length (in paragraphs)
+ 0x0E : SKIP_LEN [WORD] // field only present in specific version of EXEPACK : not used by the unpacker
+ 0x10 : SIGNATURE [WORD] // Magic number "RB"
EXEPACK employs a fairly basic run-length encoding, commands are encoded on bits 1-7 (mask 0xFE).
- Command
0xB0, writeLENGTHbytes withVALUE.
[LENGTH (WORD)][VALUE (BYTE)]
- Command
0xB2, copy the nextLENGTHbytes
[LENGTH (WORD)][BYTES ((BYTE) * LENGTH)]
Relocation table is optimized too, for each segment (0-15), there is the following layout, where entry is relative to the start of the exe in memory.
+ 0x00 : NB_ENTRIES [WORD]
+ 0x02 : ENTRY [WORD] * NB_ENTRIES
<dependency>
<groupId>io.github.albertus82</groupId>
<artifactId>unexepack</artifactId>
<version>0.3.0</version>
</dependency>unexepack <EXEPACK_file> [OUTPUT_FILE]
default output file is "unpacked"
EXEPACK_file : Specifies the input file to unpack
OUTPUT_FILE : Specifies the output file to which the unpacked executable results will be written to. Defaults to 'unpacked'.
If you are wondering if an game/executable is using EXEPACK, a list of EXEPACK executable is available here.
This list is based on the awesome Total DOS Collection Release 14 archive, thanks to the authors!