Packer identifier (UPX, etc etc)
Here is one - place the attached TLPEViewUpx.exe in the TLPEView folder and drag any exe over it. Note that upx.exe must also be in that folder! Source:
include \masm32\MasmBasic\MasmBasic.inc ; download
Init
invoke CopyFileW, wCL$(), wChr$("PeViewTemp.exe"), 0 ; make a copy of the exe
Let esi=FileRead$("PeViewTemp.exe") ; check if it's UPXed
mov edx, LastFileSize
.if Instr_(FAST, esi, "UPX", 64) && edx<800 ; the match (in edx) is usually at pos 377 or so
Launch "upx -d PeViewTemp.exe", SW_RESTORE, 5000
.endif
Launch "TLPEViewSrc64 PeViewTemp.exe", SW_RESTORE, 127
.if WinByTitle("TLPEView64 - PeViewTemp.exe")
xchg eax, ecx ; the handle in eax will be trashed, so better use a safe reg32 ;-)
wSetWin$ ecx="TLPEViewSrc64 - "+wCL$() ; set the proper title
.endif
Kill "PeViewTemp.exe" ; remove garbage
EndOfCodeThe code might look unnecessarily complicated, but note that upx.exe
-d somefile.exe modifies
somefile.exe, which I wanted to avoid by using a temp file.
One weird thing is that Timo's exe does not load "exotic" files directly: I made a copy of \Masm32\MasmBasic\RichMasm.exe, called it
БогатыеMasm.exe and dragged it over TLPEViewSrc64.exe - no success, empty screen :(
Dragging a "Russian" file over my exe works, though, only that the caption will be incorrectly set to
TLPEView64 - ????Masm.exe (for unknown reasons, Timo's window does not accept Unicode).