RL!dePacker v1.5


 :: Tehnical info:
   RL!dePacker has a build in option to detect OEP. However this option does not work with VB (always use FindOEP! function with VB applications and Force to manual OEP?) and some packers. So if RL!dePacker can not unpack the file use FindOEP! function to detect correct OEP, but use it only as a second resort since it can be jammed!
  ° Option Force OEP to manual address is used to force stopping on manual OEP address, use this option ONLY if packer can not be unpacked (the target runs instead of breaking at OEP or dumps at wrong OEP).
  ° Option Correct OEP to manual address is used correct OEP in PE header of the unpacked file.
  ° Option Hide unpacker from detection is used hide debugger from being detected by antiTricks. Option Use tracer to correct IAT is used to remove all known redirection types.
  ° Option Fix Import elimination is used on applications that relocate import table in memory outside PE32 file. This option has been tested with AlexProtector 1.0 and RLPack TE 1.18. Please note that even dow this option is in testing it should give good results on all known redirection types (see TitanEngine).
  ° Option Paste PE.Header from disk is used correct paste original PE header to the unpacked file.

   Generic unpacker can unpack ONLY packers that do not use IAT redirection, that don’t steal APIs and which fill out IAT table in correct order. All ordinals that can be converted to API names are converted, others are inserted into IAT as ordinals! Designed for NT systems, Windows 2000 or later but it should work on Windows Millenium if you have psapi.dll file!
   Please note that this unpacker does NOT work with AV/FW software (this means Kaspersky) which hooks LoadLibrary and GetProcAddress in ring3. If you do not want to change your AV/FW solution run this unpacker in VM. Then it should work fine.

 :: What is new:
- Updated engine parts with unrealeased SDK 1.5 libraries
- Tested with even more packers
- Minor unpacker changes

 :: Can I report a bug or contact the autors?
   Here is the contact information which you can use to contact us:
     WebSite:   http://www.reversinglabs.com
     Email:       support(at)reversinglabs(dot)(com)

 :: RL!dePacker is tested with 101+ packers:

 

aUS [Advanced UPX Scrambler] 0.4 - 0.5
ASPack 1.x - 2.x
ASPack Scrambler 0.1
ASDPack 2.0
AHPack 1.x
AlexProtector 1.x
ARMProtector 0.x
BJFNT 1.3
BeRoEXEPacker 1.x
BamBam 0.x
CryptoPeProtector 0.9x
Crunch x.x
CodeCrypt 0.16x
dot Fake Signer 3.x
dePack
eXPressor 1.2.x - 1.5.x
EZip 1.0
EP Protector 0.3
Escargot 0.x
EXEStealth 2.x
ExeSax 0.9x
FSG 1.xx & 2.0
Fusion x.x
Goat's PE Mutilator 1.6
hmimys-Packer 1.x
Hmimys PePack 1.0
HidePX 1.4
HidePE 2.1
ID Application Protector 1.2
JDPack 1.x
JDProtect 0.9
Just Another Pe Packer 0.5
KByS Packer 0.2x
Krypton 0.x
LameCrypt 1.0
MEW 1.x
mkfpack
NackedPack 1.0
nSPack 2.x - 3.x
nPack 1.x
NeoLite 1.x - 2.0
NWCC
OrIEN 2.1x
PECompact 1.x - 2.x
PeX 0.99
PC Shrink 0.71
Polyene 0.01
PackMan 0.0.0.1 & 1.0
PE Diminisher 0.1
PolyCrypt PE 2.1.5
PeTite 1.x
PEStubOEP 1.6
PELockNT 2.x
PePack 1.0
PC PE Encryptor alpha
PackItBitch
PEncrypt 4.0
PEnguinCrypt 1.0
PeLockNt 2.x
PeLock 1.0x
PESHiELD 0.25
Perplex PE-Protector 1.x
PeTite 1.0 - 1.3
PKLITE32 1.x
RLP 0.6.9 - 0.7.x
RLPack Basic Edition 1.x
RLPack Modifier Edition 1.x
ReCrypt 0.15 - 0.80
Stone`s PE Encryptor 2.0
StealthPE 2.1
Software Compress 1.x
SPLayer 0.08
ShrinkWarp 1.4
SPEC b3
SmokesCrypt 1.2
Simple UPX-Scrambler
SimplePack 1.x
SLVc0deProtector 1.x
tELock 0.x
UPX 0.8x - 2.x
UPXRedir
UPXCrypt
UPX Inkvizitor
UPXFreak 0.1
UPolyX 0.x
UPXLock 1.x
UG Chruncher 0.x
UPX-Scrambler RC 1.x
UPX Protector 1.0x
UPXShit 0.06 & 0.0.1
UPXScramb 2.x
VirogenCrypt 0.75
VPacker 0.02.10
WWPack32 1.x
WinUPack 0.2x - 0.3x
Winkript 1.0
yC 1.x
yZPack 1.x - 2.x
32Lite 0.3a
!EP (ExE Pack) 1.x
[G!X]`s Protector 1.2