Written by Ben Castricum
May 30, 1995
This is the documentation belonging to and explaining the use of:
UNP V4.11
Executable file restore utility
TABLE OF CONTENTS:
DISCLAIMER
WHAT IS UNP ?
GENERAL INFO
HOW TO USE UNP
MESSAGES
NOTES ON COMPRESSORS
REGISTERING UNP
HEY! UNP IS COMPRESSED!
WHAT UNP CAN REMOVE
WHAT UNP CANNOT REMOVE
CONTACTING ME
Disclaimer
----------
Under NO circumstances can I be held responsible for any damage caused by
files in this or any other package containing programs written by me.
(That should do it :-)
What is UNP ?
-------------
UNP's main purpose is to restore executable files to their original state.
However it can do more than that. UNP can optimise EXE-headers, remove
debug information, convert files from one structure to the other, scan
directories for compressed files, reveal hidden viruses and even make files
that didn't run anymore run again.
General info
------------
Before you start using UNP, I would like to point out a few things which you
might take into consideration.
Compressed EXE files containing an overlay may not work correctly after they
have been decompressed. Decompression expands the code size of the EXE file
which also means that the overlay moves up. Some programs do not check where
the overlay currently is but just use a constant to get the overlay. If this
is the case, most anything can happen.
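
The overlay problem described above, as an added example that is not part of
UNP or its original documentation. It computes where the overlay starts from
the MZ header page fields and shows a fixed offset going stale once the code
grows. The sample files, build_exe and the FIXED_OFFSET constant are
constructed for the illustration.

```python
import struct

PAGE = 512  # the MZ header sizes the load image in 512-byte pages

def image_size(exe: bytes) -> int:
    """File bytes covered by the MZ header: header plus load module."""
    magic, last_page_bytes, pages = struct.unpack_from("<2sHH", exe, 0)
    if magic not in (b"MZ", b"ZM") or pages == 0:
        raise ValueError("not a usable MZ header")
    size = pages * PAGE
    if last_page_bytes:                 # 0 means the last page is full
        size -= PAGE - last_page_bytes
    return size

def overlay(exe: bytes):
    """Return (offset, data) for whatever follows the load image."""
    start = image_size(exe)
    if start > len(exe):
        raise ValueError("header claims more data than the file holds")
    return start, exe[start:]

def build_exe(code: bytes, overlay_data: bytes) -> bytes:
    """Constructed sample: 32-byte MZ header + code + appended overlay."""
    header_size = 32
    pages, last = divmod(header_size + len(code), PAGE)
    if last:
        pages += 1
    header = struct.pack("<2sHHHH", b"MZ", last, pages, 0, header_size // 16)
    return header.ljust(header_size, b"\0") + code + overlay_data

OVERLAY = b"OVL-DATA"                         # constructed overlay contents
packed = build_exe(b"\x90" * 300, OVERLAY)    # stands in for the compressed file
unpacked = build_exe(b"\x90" * 900, OVERLAY)  # same program after expansion

FIXED_OFFSET = overlay(packed)[0]  # constant a program might have baked in

def read_fixed(exe: bytes) -> bytes:
    """Fragile: assumes the overlay never moves."""
    return exe[FIXED_OFFSET:FIXED_OFFSET + len(OVERLAY)]

def read_from_header(exe: bytes) -> bytes:
    """Robust: recompute the overlay start from the header each time."""
    return overlay(exe)[1][:len(OVERLAY)]

if __name__ == "__main__":
    for name, exe in (("packed", packed), ("unpacked", unpacked)):
        print(name, overlay(exe)[0], read_fixed(exe), read_from_header(exe))
```
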
When you use UNP to convert a file to another structure, please take into
consideration that the converted program never runs under the exact same
conditions as it did before. Though these differences are not likely to
cause any problems with most programs, there are always programs which expect
exactly what the conversion changes.
UNP can do just about anything with files. This definitely includes messing
up your files. For that reason it is always a good idea to have a backup of
the files you are going to process. Someone suggested leaving the -b
(create backup) option turned on by default. Although this is a good idea,
it's still not 100% reliable.
UNP is not case sensitive in any way, nor does it care about extensions. This
however does not mean that all files which UNP reports to be "binary (.COM)"
can be converted to .EXE files. Files which are not really .COM files
(e.g. .BAT or .GIF) will not run or view the picture when converted and
executed.
How to use UNP
--------------
If you type UNP without any parameters then you will get the built-in help
screen of UNP which is explained below.
- Commands - These are 1 character long and only one can be specified on the
command line. It does not really matter where you put it. If no command is
specified, the E command is used.
c = convert to COM file
Some .EXE files can be converted to .COM files. You can do this by using
this command. Please note that the resulting file will not automatically
have a .COM extension. You should only convert a file when you know
exactly what you are doing (see the General info section).
d = make current options default
Using this command enables you to specify the default options yourself.
Simply type the options you would like to have as default on the command
line and use this command. UNP will modify itself to use those settings
as default. For example, to let UNP always create a backup use
UNP d -b+
UNP stores the new settings in itself, which means that UNP is self-
modifying. With most anti-virus programs, this causes some alarm to go
off. Check your anti-virus program documentation on how to solve this
problem (see also: Hey! UNP is compressed!).
e = expand compressed file (default)
This command expands the compressed file. If you do not specify a
command, UNP will use this by default. Using this command without a
filename will result in unpacking all files in the current directory.
i = show info only
If you just want some information about the file, this is the command to
use. UNP will show all information like the E command but will not
decompress or write the file back.
l = load and save
This command loads a .COM or .EXE file but does not expand it. It will be
written back just like a decompressed file would be written back. This is
useful in case you want to remove an overlay, irrelevant header data or
optimize the relocation items.
m = MarkEXE, insert a file in header
MarkEXE is a small utility supplied with PROTECT! EXE/COM V5.0. This
program can add a piece of text to an EXE file in such a way that when the
file is shown on screen the user can see that piece of text. The 'M'
command does not exactly do the same as MarkEXE. First it inserts the
file before the relocation items, this way any EOF markers in the
relocation items won't screw it up. Second, UNP does not place the same
piece of text at the end of the code, since I see this as more or less
screwing up the file.
o = copy overlay
A new (and probably rarely used) command is the overlay copy command.
With this you can get the overlay from some .EXE file and append it to some
other .EXE file. The idea behind this is that when you use LZEXE as
compressor, the overlay is removed from the file. With this command you
can place the overlay back.
s = search for compressed files
When you use this command, only a small list of compressed files matching
the Infile wildcard will be generated. To save some space on the screen,
the pathname of the file will not be shown. But since UNP does not work
recursively, it should not be a problem.
t = trace executable
My first attempt at a general unpacker can be found in this command.
Actually there are 2 different implementations. The implementation used for
.COM files will single-step through a program, checking at every
instruction whether the original program has been restored. If UNP thinks it
has, it will stop and write the file back. Unfortunately this is a very
slow process. The .EXE implementation also single-steps through the file
but it checks every step to see if a known packer has been revealed. If
it has found one, it will remove it and write the resulting file back.
If the program has not been compressed with a known packer, sooner or
later some interrupt will be used which UNP will detect and abort the
tracing.
x = convert to EXE file
Some compressors can only compress .EXE files (like LZEXE). With this
command you can convert a .COM file to an .EXE file. The resulting file
will not be written back with an .EXE extension by default. As with the
.EXE to .COM conversion, be sure you know what you're doing. Not all
programs can be converted.
- Options - Even more fun can be achieved by specifying options on the
command line. Options can be passed separately (like -a -b -c) but can also
be combined (like -abc). After each option there can be one of the
characters "-", "+" or "?". The first turns switches off, the second turns
them on and the third.. well it turns them on as well. But the real purpose
of the question mark is to force UNP to ask if it should do something.
Currently only the -K switch supports this. Options which are not followed
by one of the mentioned characters work as toggles, which means that using an
option twice will undo the previous (e.g. -a -a has no result). However once
an option has been turned on with the question mark (like -a?) then you can
only turn it off by appending a - (like -a-). Still got it? :)
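
The option rules above as a small state machine. This is an added example,
not UNP's own code. Assumptions: every option starts off, "+" after an
earlier "?" sets the option to plain on, and the function name and state
names are made up for the illustration.

```python
OFF, ON, ASK = "off", "on", "ask"

def parse_options(args, defaults=None):
    """Apply UNP-style option arguments and return {letter: state}."""
    state = dict(defaults or {})
    for arg in args:
        if len(arg) < 2 or not arg.startswith("-"):
            continue                      # commands and filenames: not options
        body = arg[1:].lower()            # UNP is not case sensitive
        i = 0
        while i < len(body):
            opt = body[i]                 # the option letter itself
            nxt = body[i + 1:i + 2]       # possible "-", "+" or "?" suffix
            suffix = nxt if nxt and nxt in "-+?" else ""
            i += 1 + len(suffix)
            current = state.get(opt, OFF)
            if suffix == "-":
                state[opt] = OFF          # explicit off always wins
            elif suffix == "+":
                state[opt] = ON           # assumption: also replaces "ask"
            elif suffix == "?":
                state[opt] = ASK          # on, and prompt where supported (-K)
            elif current == ASK:
                pass                      # a bare toggle cannot clear "?"
            else:
                state[opt] = ON if current == OFF else OFF
    return state

if __name__ == "__main__":
    for argv in (["-a", "-a"], ["-abc"], ["-a?", "-a"], ["-a?", "-a-"], ["-K?"]):
        print(argv, parse_options(argv))
```
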
-? = help (this screen