Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

EXEpack multiple version handling #3

Open
w4kfu opened this issue Jan 2, 2019 · 4 comments
Open

EXEpack multiple version handling #3

w4kfu opened this issue Jan 2, 2019 · 4 comments
Labels
enhancement

Comments

@w4kfu
Copy link
Owner

w4kfu commented Jan 2, 2019

It seems that there are mutiple version of exepack with different headers.

The game Sid-Meiers-Railroad-Tycoon does not have the field skip_len in its header.

Update the tools so that every version is supported
@w4kfu
Copy link
Owner Author

w4kfu commented Jan 2, 2019

Current hack:

36c36
<       unsigned short skip_len;
---
>       //unsigned short skip_len;
138c138,139
<       reloc_length = eh->exepack_size - strlen("Packed file is corrupt") - sizeof (struct exepack_header) - 0x105; /* Unpacker Length */
---
>       //reloc_length = eh->exepack_size - strlen("Packed file is corrupt") - sizeof (struct exepack_header) - 0x105; /* Unpacker Length */
>     reloc_length = eh->exepack_size - strlen("Packed file is corrupt") - sizeof (struct exepack_header) - 0xFF; /* Unpacker Length */
146c147,148
<       reloc = buf_load + ((dh->e_cparhdr + dh->e_cs) * 16 - (eh->skip_len - 1) * 16) + sizeof (struct exepack_header) + 0x105;
---
>       //reloc = buf_load + ((dh->e_cparhdr + dh->e_cs) * 16 - (eh->skip_len - 1) * 16) + sizeof (struct exepack_header) + 0x105;
>     reloc = buf_load + ((dh->e_cparhdr + dh->e_cs) * 16) + sizeof (struct exepack_header) + 0xFF;
244c246,247
<       packed_data_end = exepack_offset - (eh->skip_len - 1) * 16;
---
>       //packed_data_end = exepack_offset - (eh->skip_len - 1) * 16;
>     packed_data_end = exepack_offset;

@Spork-Schivago
Copy link

The patch, for me, gets the unpacker to run further, but displays the following output:

SizeFile = 1207A
Header exepack = 111E0
PackedDataStart = 200
PackedDataEnd = 111E0
PackedDataLen = 10FE0
UnpackedDataLen = 18C00
OFFSET = 111DF
UNPACKED
Cannot find string "Packed file is corrupt", is it really EXEPACK ?

I open the exe with HxD and I can find the string, "Packed file is corrupt".

I use Detect-It Easy 2.01 to detect that it is EXEPACKed. Detect-It Easy 2.01 displays the packer as:

EXEPACK(3.69).

I can share the EXE with you if you'd like to investigate further...

@w4kfu
Copy link
Owner Author

w4kfu commented Jan 2, 2019

Yes can you please share it, thx

w4kfu added a commit that referenced this issue Jan 14, 2019
@w4kfu
Start rewritting (issue #2) ; Fix #3
5b6f53f
@w4kfu w4kfu mentioned this issue Jan 16, 2019
Merged
w4kfu added a commit that referenced this issue Jan 16, 2019
@w4kfu
Dev (#4)
df3e329 
Projet rewritting:
* Add a memory stream
* Fix issue #3 : Now it handle any EXEPACK version
@w4kfu
Copy link
Owner Author

w4kfu commented Jan 16, 2019

@Spork-Schivago, issue should be fixed, could you please test on your binary? thx!

w4kfu added a commit that referenced this issue Jan 17, 2019
@w4kfu
Project rewritting:
672f352 
* Add a memory stream
* Can now choose output file name [optional]
* Use unpacked_data_size instead of exepack dest_len
* Fix issue #3 : Now it handle any EXEPACK version (except non english
one)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@w4kfu @Spork-Schivago