June update of unpackers
Molebox VS unpacker
This update fixes unpacking very large embedded files. Before the fix, unpacker would crash with "out of memory" exception when embedded file was larger than ~800MB. Thanks to MMM for reporting the bug.
This update fixes unpacking very large embedded files. Before the fix, unpacker would crash with "out of memory" exception when embedded file was larger than ~800MB. Thanks to MMM for reporting the bug.
This is a quite big update for Molebox VS unpacker. It fixes most of the bugs I'm aware of:
It's still not perfect and will fail in some situations - but I didn't want to postpone the release any longer. Please let me know if it crashes for you and I'll try to fix the problem. smile
Read More
Setting TMP folder to a RAM drive was a good idea in 1990s. Now it's year 2019 and you can't manage virtual memory better than Windows already do. But some people apparently still try, so I added checks to stop them from shooting themselves in the foot.
The fix was actually implemented a long time ago, I just didn't make the announcement.
Final release in 2018 fixes a bug that was reported by dehola.
As requested by fury...
Last few months have been... extra busy. I survived HDD crash, participated in Flare-On reversing contest (and finished 4th!), had quite fun projects at work - but all that is a matter of another story. Today I want to share with you a long-overdue update for unpackers.
If you have a file which uses "hide files" feature of Molebox VS, it only stores hash of the filename - original filenames are not stored anywhere. But if you have a good idea what the filename might be, you can add it to mole_dictionary.txt and my unpacker will use that for intelligent guessing.
Read More
1 |
[i] Loading large file, it might take some time... |
Known issue - for x64 executables exception directory is not restored. The unpacked executable will work until an exception happens. If you find any such executable, please send it to me and I'll work to improve the unpacker.
This is first BETA release of static unpacker for Molebox v4.x. It works for most of the files in my collection but is not well tested by any means. If you notice any bugs (trust me, you will!), please let me know.
Known limitations: way too many. Few most important ones:
So, why release it? I've had it like this for 5+ years now. It almost works. But without your feedback it will stay in this "almost working" state forever. The more bugs you report, the bigger the chance that I'll finally finish this project.. So, have fun!
Bugs reported by users. I'll work to fix the when I get some free time.
1 |
[x] VFSDecrypt: failed to find STELPACK signature |
1 |
[x] SPack catalog not found or invalid. vfsrootsize=00000000 |
1 |
[x] Exception loading extra box file |
This month brings us not one but two updated unpackers! smile
I still need to work on the UI-freeze issue. When unpacking very large files, UI will appear to be frozen until unpacking process completes. It may take 5+ minutes on very large files, please be patient!
This update has been long overdue. Finally it supports files larger than 2GB! smile
Full changelog:
Hopefully I didn't break anything during the rewrite. But if I did, send me an email and I'll fix it! smile
EDIT 2x: Very stupid error fixed. /me embarrassed. Sorry.
While working on a new version of my static EnigmaVB unpacker, I tried to generate test files to cover most of the Enigma Virtual Box features. In the process, I ran into quite a few bugs in Enigma Virtual Box v7.40.
So, here's a short list:
1. Importing REG file with wrapped lines:
1 2 |
"RootFolder"=hex:01,00,00,00,00,00,00,00,01,00,00,00,04,00,00,00,01,00,00,00,\ 64,00,00,00 |
Data get truncated at the end of first line.
2. Importing REG file with entry type REG_NONE:
1 |
"WMP11.AssocFile.3G2"=hex(0): |
It gets virtualized as a string value "hex(0):"
1. If size of any embedded file > 4GB: creates invalid x86 executable;
2. If total size of all embedded files > 4GB: creates invalid x86 executable;
3. If size of main EXE > 2 GB: creates executable that seems to be valid but won't run;
..and that's only for x86 executables. I wonder how many more issue will surface when I start testing x64 executables. wink
Since Enigma Virtual Box uses TLS callbacks to initialize its hooks and handlers, it will (accidentally?) break any executable that also uses TLS callbacks. However, it preserves TLS StartAddressOfRawData, EndAddressOfRawData and AddressofIndex fields. Very weird.. smile
Have fun (and remember to test your software properly)!