Error while unpacking given PECompact samples

[SigmaStar]

I have installed unipacker but it cannot unpack PECompact samples:

It gives following errors:
`Next up: Sample: [PECompact] lbop20_PECompact.exe
Traceback (most recent call last):
File "/home/wnm/anaconda3/envs/sunflower/bin/unipacker", line 33, in
sys.exit(load_entry_point('unipacker==1.0.7', 'console_scripts', 'unipacker')())
File "/home/wnm/anaconda3/envs/sunflower/lib/python3.8/site-packages/unipacker-1.0.7-py3.8.egg/unipacker/shell.py", line 786, in main
Shell()
File "/home/wnm/anaconda3/envs/sunflower/lib/python3.8/site-packages/unipacker-1.0.7-py3.8.egg/unipacker/shell.py", line 86, in init
IOHandler(samples, args.dest, args.partition_by_packer)
File "/home/wnm/anaconda3/envs/sunflower/lib/python3.8/site-packages/unipacker-1.0.7-py3.8.egg/unipacker/io_handler.py", line 17, in init
self.handle_sample(sample, dest_dir, partition_by_packer)
File "/home/wnm/anaconda3/envs/sunflower/lib/python3.8/site-packages/unipacker-1.0.7-py3.8.egg/unipacker/io_handler.py", line 30, in handle_sample
engine = UnpackerEngine(sample, dest_file)
File "/home/wnm/anaconda3/envs/sunflower/lib/python3.8/site-packages/unipacker-1.0.7-py3.8.egg/unipacker/core.py", line 159, in init
self.init_uc()
File "/home/wnm/anaconda3/envs/sunflower/lib/python3.8/site-packages/unipacker-1.0.7-py3.8.egg/unipacker/core.py", line 446, in init_uc
self.uc.mem_write(self.sample.BASE_ADDR, self.sample.loaded_image)
File "/home/wnm/anaconda3/envs/sunflower/lib/python3.8/site-packages/unicorn_unipacker-1.0.3b7-py3.8-linux-x86_64.egg/unicorn/unicorn.py", line 441, in mem_write
status = _uc.uc_mem_write(self._uch, address, data, len(data))
ctypes.ArgumentError: argument 3: <class 'TypeError'>: wrong type

• still running -`

[SigmaStar]

I found the reason, it's pefile, pefile.get_memory_mapped_image sometime return bytearray

[SigmaStar]

But, after I fix that error, unipacker still cannot finish unpacking:

Next up: Sample: [PECompact] lbop20_PECompact.exe
Emulation starting at 0x401252
Invalid memory access UC_MEM_READ_UNMAPPED, addr: 0x8024a8

Emulation of lbop20_PECompact.exe finished.
--- Saved to ./unpacked_lbop20_PECompact.exe ---

[attilamester]

But, after I fix that error, unipacker still cannot finish unpacking:

Next up: Sample: [PECompact] lbop20_PECompact.exe
Emulation starting at 0x401252
Invalid memory access UC_MEM_READ_UNMAPPED, addr: 0x8024a8

Emulation of lbop20_PECompact.exe finished.
--- Saved to ./unpacked_lbop20_PECompact.exe ---

receiving the same error on various other samples from BODMAS dataset

[MrROBUST]

I found the reason, it's pefile, pefile.get_memory_mapped_image sometime return bytearray

Hello @SigmaStar, is it possible to simply convert the result of get_memory_mapped_image to bytes? I ran into the same problem and adding this simple conversion allowed unipacker to do the job perfectly.

[SigmaStar]

Yes, you can. I've already done that. Actually they are the same thing but different format. I guess this is a bug of pefile module.

…

---Original--- From: ***@***.***&gt; Date: Sat, May 18, 2024 01:19 AM To: ***@***.***&gt;; Cc: ***@***.******@***.***&gt;; Subject: Re: [unipacker/unipacker] Error while unpacking given PECompactsamples (Issue #54) I found the reason, it's pefile, pefile.get_memory_mapped_image sometime return bytearray Hello @SigmaStar, is it possible to simply convert the result of get_memory_mapped_image to bytes? I ran into the same problem and adding this simple conversion allowed unipacker to do the job perfectly. — Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you were mentioned.Message ID: ***@***.***&gt;