How to check if an Executable is already Unpacked?
Posted: Sun Jan 07, 2024 5:18 pm
by Maya
How do we know that the current process (which is a Compressed Executable) has been already unpacked?
Re: How to check if an Executable is already Unpacked?
Posted: Mon Jan 08, 2024 5:50 pm
by Mijikai
If it is running it is unpacked.
Re: How to check if an Executable is already Unpacked?
Posted: Tue Jan 09, 2024 4:31 pm
by Quin
It depends what you mean by compressed. In a zip file? By UPX?
Re: How to check if an Executable is already Unpacked?
Posted: Sat Jan 13, 2024 2:25 pm
by Maya
Quin wrote: Tue Jan 09, 2024 4:31 pm
It depends what you mean by compressed. In a zip file? By UPX?
Hi,
It's compressed by a utility like UPX.
How to programmatically check if it's unpacked in memory?
Re: How to check if an Executable is already Unpacked?
Posted: Sat Jan 13, 2024 3:11 pm
by Mijikai
The UPX stub will unpack it and transfer execution - so everything is unpacked.
Re: How to check if an Executable is already Unpacked?
Posted: Sun Jan 14, 2024 6:10 am
by Maya
Actually, I'm trying to detect the unpacking status in memory.
Once the Executable is unpacked, a flag is raised such as MessageBox.
How can we do this using PureBasic?
Re: How to check if an Executable is already Unpacked?
Posted: Sun Jan 14, 2024 8:10 am
by Rinzwind
Not. The vague request makes no sense. UPX is added to your executable to compress it on disk while quickly decompressing it when run. If you want progress, you need to modify the UPX stub itself (see GitHub for its source). But the whole point of the thing is being fast and transparent. Mind you, it reduces needed disk space, but increases needed memory. Since it's run from memory basically. Your executable itself is unaware of any unpacking because it can only start running when unpacked. Using UPX variants are known malware techniques too btw.
And why "are you trying to detect unpacking status". What is the use case?
To manually unpack: upx.exe -d packed.exe -o unpacked.exe. To detect when done: just check the output filename

Re: How to check if an Executable is already Unpacked?
Posted: Sun Jan 14, 2024 10:49 pm
by Quin
Yeah, I'm not really able to see why you'd want this. To detect if an executable has been compressed with UPX on disk, you can utilize many tools, one of which being a PE header explorer (look for the 4 bytes UPX0 I believe).
Re: How to check if an Executable is already Unpacked?
Posted: Mon Jan 15, 2024 5:55 am
by Maya
Dear all,
I have a very specific question: How can I determine whether an Executable is already unpacked in memory using PureBasic?
If you're not familiar with this, kindly refrain from asking for additional details or reasons behind my inquiry.
Best regards.
Re: How to check if an Executable is already Unpacked?
Posted: Mon Jan 15, 2024 6:11 am
by jacdelad
lol
Re: How to check if an Executable is already Unpacked?
Posted: Mon Jan 15, 2024 7:44 am
by infratec
Then:
Inspect the source code of your used packer, or ask the developer how and when it is done.
Maybe he sets a flag in a global variable.
How should we know what you are using?
It's compressed by a utility like UPX.
It is like:
I: Can you tell me how to repair my car?
You: Are you driving a VW Golf?
I: I drive something like a Ford Mustang.
I think you cannot help me, because I drive another sports car.
But I don't like to tell you which one.
So no help is possible.
Re: How to check if an Executable is already Unpacked?
Posted: Mon Jan 15, 2024 8:03 am
by Rinzwind
Maya wrote: Mon Jan 15, 2024 5:55 am
Dear all,
I have a very specific question: How can I determine whether an Executable is already unpacked in memory using PureBasic?
If you're not familiar with this, kindly refrain from asking for additional details or reasons behind my inquiry.
Best regards.
Please read the given perfectly valid answers, and refrain from asking the same vague nonsense question again and again without providing any of the requested needed info. Anyway, answer is impossible and pointless. Thank you for reading,
Re: How to check if an Executable is already Unpacked?
Posted: Mon Jan 15, 2024 6:31 pm
by Quin
I get the feeling that this is a language barrier, and they probably took all of our replies as being off-topic for whatever reason. In either case though I agree with this, you've been given a lot of valuable advice here.
Rinzwind wrote: Mon Jan 15, 2024 8:03 am
Maya wrote: Mon Jan 15, 2024 5:55 am
Dear all,
I have a very specific question: How can I determine whether an Executable is already unpacked in memory using PureBasic?
If you're not familiar with this, kindly refrain from asking for additional details or reasons behind my inquiry.
Best regards.
Please read the given perfectly valid answers, and refrain from asking the same vague nonsense question again and again without providing any of the requested needed info. Anyway, answer is impossible and pointless. Thank you for reading,