pe_unmapper

Question

pe_unmapper

TishSerg opened this issue 3 years ago · comments

Hello, hasherezade! I'm not sure if it's right place for this question, but still...

I tried to use your tool as it intended to be used. 2 dll dumped from memory are successfully converted. But 1 of them results in 0 bytes...
Here is that die hard dll
Could you check why pe_unmapper produces 0 bytes output from that dll, please?

I got your tool from here
BTW, why that repo no longer exist? Or it was renamed to something else?
Anyways, thank you for that piece of soft.

hasherezade · Answer 1 · Sat Jul 17 2021 02:06:58 GMT+0800 (China Standard Time)

hi! I don't recommend using the version from WebArchive, since it is a very old version! pe_unmapper is still maintained, just it is now stored somewhere else, as a part of the libpeconv project:
https://github.com/hasherezade/libpeconv/tree/master/pe_unmapper

hasherezade · Answer 2 · Sat Jul 17 2021 02:11:27 GMT+0800 (China Standard Time)

I checked it and I see that the new version had no problem converting your file. I am attaching the output here (password: demodemo):
drBase_0x01b63f050000_unmapped.dll.zip

TishSerg · Answer 3 · Sat Jul 17 2021 18:03:57 GMT+0800 (China Standard Time)

Thank you!
Glad to see your tool is not just alive but even more advanced.
Just checked other stuff on your site... I'm almost nothing have to do with reversing and when I see such skilled people in this... What I want to say is WOW. Just WOW.