Sietse Fliege said:
Thanks a lot, Karen. Useful info!
PE Tools is great. Also finds a lot more UPXed files than UPXFind.
Miraculous moment. Normally it's /you/ who consistently recommends so many
programs which I'd not known about, and meet my interests.
My uneducated guess is that the chances are slim that it's showing false
positives; it's much more likely that it is much better in identifying them.
And of course PE Tools also lists ASPacked files (and other info).
Yeah, I don't think there's much in the way of false positives. (There
was one problem child I did have - thegun.exe, a small text editor. UPX
won't decompress it. Maybe it used a special early version of UPX, or
maybe there's some sort of extra entanglement its author did. Opening
thegun's exe in notepad, its readout is odd, as far as the UPX strings,
and I don't know what's up.)
PETools sure works worlds better than the clumsy, messy method I'd
previously used for directory readouts. Before, I'd resorted to using
individual Find boxes, the "containing text" field, for strings like
these: [.asprotect] [upx] [.aspack].
The part where I am hoping for this prog's continued development, it would
be in its recognitions base. It gives me 20%+ output of "[unknown]." For
compressors, I'd like if it added in listing, to start, Asprotect, since
those seem to come up regularly enough in my experience. Then the other
part about its results "[unknown]," it'd be language recognition.
I haven't adequately explored those "[unknown]" occurrences towards
ascertaining where most often PETools falls short in the matter of what
main languages it cannot recognize....
In the meantime, I sometimes supplement it, by asking another program
about those individual execs that PETools can't profile. Language2000
has come through for me, often as not, for those cases.
http://farrokhi.net/language/
Wishlists aside, PETools still serves very well, and I really appreciate
both the context menu click for a quick properties type read; and best,
its directory scan feature.
One comment. Re programming language readouts. That brings in one of the
reasons it's so inconvenient that such a huge number of programs try to
live it out as compressed PEs. That result where basic profiling is then
disabled. Not getting a direct answer about what's on my drive.
I ask, "Hi, guys, where y'all from?" And in return, from that crowd of execs
wrapped hard in their thick cocoons, there is only muted silence.
As for ASPack: I never sorted that out.
Now I definitely want to unpack e.g. IrfanView's files, as I not
seldomly have quite a few instances running.
I could not find a tool for that easily (had not much time and did not
search properly).
Do you have a freeware suggestion ready?
Sietse, for this, I have to go to the other side of the tracks, the backstreets,
late night...shuffle up to the dealers, on one of the infamous street
corners. I'm just a conservative middle-aged white woman, only need some
medical marijuana for my back, you know, but it's those back corners where
I go to get it.
http://www.exetools.com/
For Aspack decompressors, /unpackers.htm, they have a group of different
ones listed there. The one that I have been using is AspackDie 1.3c. It has
worked fine. And I ignore where it says "HaVe PhUn!" in the readme. <G>
That site has a number of things I'm interested in, tools for getting
information about programs, but as yet I've not downloaded extensively.
(It's a matter of feeling a tad nervous, that my AV & trojan-detection
arsenal best first be in top shape, before proceeding.)