
Error unpacking an ASPack packed file #59

@MrSmiley-006

Every time I try to unpack the attached file (packed with ASPack), unipacker prints the error below many times but still writes an unpacked file. When run, however, the unpacked file crashes immediately.

Error output (unipacker console log, followed by the Python traceback):
Section hopping detected into external! Address: 0x1e42e
Totalsize:0x2f6000, VirtualMemorySize:0x2f6000
Allocated Chunks:
(0x5fb000, 0x6f6000)
Setting unpacked Entry Point
OEP:-0x3e1bd2
Fixing Imports...
OrderedDict([('kernel32.dll#0', [('VirtualAlloc', 1943881216), ('VirtualFree', 1943882464)]), ('kernel32.dll#1', [('DeleteCriticalSection', 1065092), ('LeaveCriticalSection', 1065100), ('EnterCriticalSection', 1065108), ('InitializeCriticalSection', 1065116), ('VirtualFree', 1943882464), ('VirtualAlloc', 1943881216), ('LocalFree', 1065124), ('LocalAlloc', 1065132), ('GetCurrentThreadId', 1065140), ('InterlockedDecrement', 1065148), ('InterlockedIncrement', 1065156), ('VirtualQuery', 1065164), ('WideCharToMultiByte', 1065172), ('MultiByteToWideChar', 1065180), ('lstrlenA', 1065188), ('lstrcpynA', 1065196), ('LoadLibraryExA', 1065204), ('GetThreadLocale', 1065212), ('GetStartupInfoA', 1065220), ('GetProcAddress', 1064964), ('GetModuleHandleA', 1064972), ('GetModuleFileNameA', 1065228), ('GetLocaleInfoA', 1065236), ('GetLastError', 1065244), ('GetCommandLineA', 1065252), ('FreeLibrary', 1065260), ('FindFirstFileA', 1065268), ('FindClose', 1065276), ('ExitProcess', 1065284), ('WriteFile', 1065292), ('UnhandledExceptionFilter', 1065300), ('SetFilePointer', 1065308), ('SetEndOfFile', 1065316), ('RtlUnwind', 1065324), ('ReadFile', 1065332), ('RaiseException', 1065340), ('GetStdHandle', 1065348), ('GetFileSize', 1065356), ('GetSystemTime', 1065364), ('GetFileType', 1065372), ('CreateFileA', 1065380), ('CloseHandle', 1065388)]), ('user32.dll#0', [('GetKeyboardType', 1064988), ('LoadStringA', 1065396), ('MessageBoxA', 1065404), ('CharNextA', 1065412)]), ('advapi32.dll#0', [('RegQueryValueExA', 1064996), ('RegOpenKeyExA', 1065420), ('RegCloseKey', 1065428)]), ('oleaut32.dll#0', [('SysFreeString', 1065004), ('SysReAllocStringLen', 1065436), ('SysAllocStringLen', 1065444)]), ('kernel32.dll#2', [('TlsSetValue', 1065452), ('TlsGetValue', 1065460), ('LocalAlloc', 1065132), ('GetModuleHandleA', 1064972)]), ('advapi32.dll#1', [('RegQueryValueExA', 1064996), ('RegOpenKeyExA', 1065420), ('RegCloseKey', 1065428)]), ('kernel32.dll#3', [('lstrcpyA', 1065468), ('WriteFile', 1065292), 
('WaitForSingleObject', 1065476), ('VirtualQuery', 1065164), ('VirtualAlloc', 1943881216), ('Sleep', 1065484), ('SizeofResource', 1065492), ('SetThreadLocale', 1065500), ('SetFilePointer', 1065308), ('SetEvent', 1065508), ('SetErrorMode', 1065516), ('SetEndOfFile', 1065316), ('ResetEvent', 1065524), ('ReadFile', 1065332), ('MultiByteToWideChar', 1065180), ('MulDiv', 1065532), ('LockResource', 1065540), ('LoadResource', 1065548), ('LoadLibraryA', 1064980), ('LeaveCriticalSection', 1065100), ('InitializeCriticalSection', 1065116), ('GlobalUnlock', 1065556), ('GlobalSize', 1065564), ('GlobalReAlloc', 1065572), ('GlobalHandle', 1065580), ('GlobalLock', 1065588), ('GlobalFree', 1065596), ('GlobalFindAtomA', 1065604), ('GlobalDeleteAtom', 1065612), ('GlobalAlloc', 1065620), ('GlobalAddAtomA', 1065628), ('GetVersionExA', 1065636), ('GetVersion', 1065644), ('GetUserDefaultLCID', 1065652), ('GetTickCount', 1065660), ('GetThreadLocale', 1065212), ('GetSystemInfo', 1065668), ('GetStringTypeExA', 1065676), ('GetStdHandle', 1065348), ('GetProcAddress', 1064964), ('GetModuleHandleA', 1064972), ('GetModuleFileNameA', 1065228), ('GetLocaleInfoA', 1065236), ('GetLastError', 1065244), ('GetDiskFreeSpaceA', 1065684), ('GetCurrentThreadId', 1065140), ('GetCurrentProcessId', 1065692), ('GetComputerNameA', 1065700), ('GetCPInfo', 1065708), ('GetACP', 1065716), ('FreeResource', 1065724), ('FreeLibrary', 1065260), ('FormatMessageA', 1065732), ('FindResourceA', 1065740), ('EnumCalendarInfoA', 1065748), ('EnterCriticalSection', 1065108), ('DeleteFileA', 1065756), ('DeleteCriticalSection', 1065092), ('CreateThread', 1065764), ('CreateFileA', 1065380), ('CreateEventA', 1065772), ('CompareStringA', 1065780), ('CloseHandle', 1065388)]), ('gdi32.dll#0', [('UnrealizeObject', 1065020), ('StretchBlt', 1065788), ('SetWindowOrgEx', 1065796), ('SetWinMetaFileBits', 1065804), ('SetViewportOrgEx', 1065812), ('SetTextColor', 1065820), ('SetStretchBltMode', 1065828), ('SetROP2', 1065836), ('SetPixel', 
1065844), ('SetMapMode', 1065852), ('SetEnhMetaFileBits', 1065860), ('SetDIBColorTable', 1065868), ('SetBrushOrgEx', 1065876), ('SetBkMode', 1065884), ('SetBkColor', 1065892), ('SelectPalette', 1065900), ('SelectObject', 1065908), ('SaveDC', 1065916), ('RestoreDC', 1065924), ('Rectangle', 1065932), ('RectVisible', 1065940), ('RealizePalette', 1065948), ('Polyline', 1065956), ('PlayEnhMetaFile', 1065964), ('Pie', 1065972), ('PatBlt', 1065980), ('MoveToEx', 1065988), ('MaskBlt', 1065996), ('LineTo', 1066004), ('LPtoDP', 1066012), ('IntersectClipRect', 1066020), ('GetWindowOrgEx', 1066028), ('GetWinMetaFileBits', 1066036), ('GetTextMetricsA', 1066044), ('GetTextExtentPoint32A', 1066052), ('GetSystemPaletteEntries', 1066060), ('GetStockObject', 1066068), ('GetPixel', 1066076), ('GetPaletteEntries', 1066084), ('GetObjectA', 1066092), ('GetEnhMetaFilePaletteEntries', 1066100), ('GetEnhMetaFileHeader', 1066108), ('GetEnhMetaFileDescriptionA', 1066116), ('GetEnhMetaFileBits', 1066124), ('GetDeviceCaps', 1066132), ('GetDIBits', 1066140), ('GetDIBColorTable', 1066148), ('GetDCOrgEx', 1066156), ('GetCurrentPositionEx', 1066164), ('GetClipBox', 1066172), ('GetBrushOrgEx', 1066180), ('GetBitmapBits', 1066188), ('ExtTextOutA', 1066196), ('ExcludeClipRect', 1066204), ('Ellipse', 1066212), ('DeleteObject', 1066220), ('DeleteEnhMetaFile', 1066228), ('DeleteDC', 1066236), ('CreateSolidBrush', 1066244), ('CreatePenIndirect', 1066252), ('CreatePalette', 1066260), ('CreateHalftonePalette', 1066268), ('CreateFontIndirectA', 1066276), ('CreateEnhMetaFileA', 1066284), ('CreateDIBitmap', 1066292), ('CreateDIBSection', 1066300), ('CreateCompatibleDC', 1066308), ('CreateCompatibleBitmap', 1066316), ('CreateBrushIndirect', 1066324), ('CreateBitmap', 1066332), ('CopyEnhMetaFileA', 1066340), ('CloseEnhMetaFile', 1066348), ('BitBlt', 1066356)]), ('user32.dll#1', [('WindowFromPoint', 1065028), ('WinHelpA', 1066364), ('WaitMessage', 1066372), ('UpdateWindow', 1066380), ('UnregisterClassA', 
1066388), ('UnhookWindowsHookEx', 1066396), ('TranslateMessage', 1066404), ('TranslateMDISysAccel', 1066412), ('TrackPopupMenu', 1066420), ('SystemParametersInfoA', 1066428), ('ShowWindow', 1066436), ('ShowScrollBar', 1066444), ('ShowOwnedPopups', 1066452), ('ShowCursor', 1066460), ('SetWindowsHookExA', 1066468), ('SetWindowTextA', 1066476), ('SetWindowPos', 1066484), ('SetWindowPlacement', 1066492), ('SetWindowLongA', 1066500), ('SetTimer', 1066508), ('SetScrollRange', 1066516), ('SetScrollPos', 1066524), ('SetScrollInfo', 1066532), ('SetRect', 1066540), ('SetPropA', 1066548), ('SetMenuItemInfoA', 1066556), ('SetMenu', 1066564), ('SetForegroundWindow', 1066572), ('SetFocus', 1066580), ('SetCursor', 1066588), ('SetClassLongA', 1066596), ('SetCapture', 1066604), ('SetActiveWindow', 1066612), ('SendMessageA', 1066620), ('ScrollWindow', 1066628), ('ScreenToClient', 1066636), ('RemovePropA', 1066644), ('RemoveMenu', 1066652), ('ReleaseDC', 1066660), ('ReleaseCapture', 1066668), ('RegisterWindowMessageA', 1066676), ('RegisterClipboardFormatA', 1066684), ('RegisterClassA', 1066692), ('RedrawWindow', 1066700), ('PtInRect', 1066708), ('PostQuitMessage', 1066716), ('PostMessageA', 1066724), ('PeekMessageA', 1066732), ('OffsetRect', 1066740), ('OemToCharA', 1066748), ('MessageBoxA', 1065404), ('MapWindowPoints', 1066756), ('MapVirtualKeyA', 1066764), ('LoadStringA', 1065396), ('LoadKeyboardLayoutA', 1066772), ('LoadIconA', 1066780), ('LoadCursorA', 1066788), ('LoadBitmapA', 1066796), ('KillTimer', 1066804), ('IsZoomed', 1066812), ('IsWindowVisible', 1066820), ('IsWindowEnabled', 1066828), ('IsWindow', 1066836), ('IsRectEmpty', 1066844), ('IsIconic', 1066852), ('IsDialogMessageA', 1066860), ('IsChild', 1066868), ('InvalidateRect', 1066876), ('IntersectRect', 1066884), ('InsertMenuItemA', 1066892), ('InsertMenuA', 1066900), ('InflateRect', 1066908), ('GetWindowThreadProcessId', 1066916), ('GetWindowTextA', 1066924), ('GetWindowRect', 1066932), ('GetWindowPlacement', 1066940), 
('GetWindowLongA', 1066948), ('GetWindowDC', 1066956), ('GetTopWindow', 1066964), ('GetSystemMetrics', 1066972), ('GetSystemMenu', 1066980), ('GetSysColor', 1066988), ('GetSubMenu', 1066996), ('GetScrollRange', 1067004), ('GetScrollPos', 1067012), ('GetScrollInfo', 1067020), ('GetPropA', 1067028), ('GetParent', 1067036), ('GetWindow', 1067044), ('GetMessageTime', 1067052), ('GetMenuStringA', 1067060), ('GetMenuState', 1067068), ('GetMenuItemInfoA', 1067076), ('GetMenuItemID', 1067084), ('GetMenuItemCount', 1067092), ('GetMenu', 1067100), ('GetLastActivePopup', 1067108), ('GetKeyboardState', 1067116), ('GetKeyboardLayoutList', 1067124), ('GetKeyboardLayout', 1067132), ('GetKeyState', 1067140), ('GetKeyNameTextA', 1067148), ('GetIconInfo', 1067156), ('GetForegroundWindow', 1067164), ('GetFocus', 1067172), ('GetDesktopWindow', 1067180), ('GetDCEx', 1067188), ('GetDC', 1067196), ('GetCursorPos', 1067204), ('GetCursor', 1067212), ('GetClipboardData', 1067220), ('GetClientRect', 1067228), ('GetClassNameA', 1067236), ('GetClassInfoA', 1067244), ('GetCapture', 1067252), ('GetActiveWindow', 1067260), ('FrameRect', 1067268), ('FindWindowA', 1067276), ('FillRect', 1067284), ('EqualRect', 1067292), ('EnumWindows', 1067300), ('EnumThreadWindows', 1067308), ('EndPaint', 1067316), ('EnableWindow', 1067324), ('EnableScrollBar', 1067332), ('EnableMenuItem', 1067340), ('DrawTextA', 1067348), ('DrawMenuBar', 1067356), ('DrawIconEx', 1067364), ('DrawIcon', 1067372), ('DrawFrameControl', 1067380), ('DrawFocusRect', 1067388), ('DrawEdge', 1067396), ('DispatchMessageA', 1067404), ('DestroyWindow', 1067412), ('DestroyMenu', 1067420), ('DestroyIcon', 1067428), ('DestroyCursor', 1067436), ('DeleteMenu', 1067444), ('DefWindowProcA', 1067452), ('DefMDIChildProcA', 1067460), ('DefFrameProcA', 1067468), ('CreateWindowExA', 1067476), ('CreatePopupMenu', 1067484), ('CreateMenu', 1067492), ('CreateIcon', 1067500), ('ClientToScreen', 1067508), ('CheckMenuItem', 1067516), ('CallWindowProcA', 
1067524), ('CallNextHookEx', 1067532), ('BeginPaint', 1067540), ('CharNextA', 1065412), ('CharLowerBuffA', 1067548), ('CharLowerA', 1067556), ('AdjustWindowRectEx', 1067564), ('ActivateKeyboardLayout', 1067572)]), ('kernel32.dll#4', [('Sleep', 1065484)]), ('oleaut32.dll#1', [('SafeArrayPtrOfIndex', 1065036), ('SafeArrayPutElement', 1067580), ('SafeArrayGetElement', 1067588), ('SafeArrayGetUBound', 1067596), ('SafeArrayGetLBound', 1067604), ('SafeArrayRedim', 1067612), ('SafeArrayCreate', 1067620), ('VariantChangeTypeEx', 1067628), ('VariantCopyInd', 1067636), ('VariantCopy', 1067644), ('VariantClear', 1067652), ('VariantInit', 1067660)]), ('ole32.dll#0', [('CreateStreamOnHGlobal', 1065044), ('IsAccelerator', 1067668), ('OleDraw', 1067676), ('OleSetMenuDescriptor', 1067684), ('CoTaskMemFree', 1067692), ('ProgIDFromCLSID', 1067700), ('StringFromCLSID', 1067708), ('CoCreateInstance', 1067716), ('CoGetClassObject', 1067724), ('CoUninitialize', 1067732), ('CoInitialize', 1067740), ('IsEqualGUID', 1067748)]), ('oleaut32.dll#2', [('GetErrorInfo', 1065052), ('GetActiveObject', 1067756), ('SysFreeString', 1065004)]), ('comctl32.dll#0', [('ImageList_SetIconSize', 1065060), ('ImageList_GetIconSize', 1067764), ('ImageList_Write', 1067772), ('ImageList_Read', 1067780), ('ImageList_GetDragImage', 1067788), ('ImageList_DragShowNolock', 1067796), ('ImageList_SetDragCursorImage', 1067804), ('ImageList_DragMove', 1067812), ('ImageList_DragLeave', 1067820), ('ImageList_DragEnter', 1067828), ('ImageList_EndDrag', 1067836), ('ImageList_BeginDrag', 1067844), ('ImageList_Remove', 1067852), ('ImageList_DrawEx', 1067860), ('ImageList_Replace', 1067868), ('ImageList_Draw', 1067876), ('ImageList_GetBkColor', 1067884), ('ImageList_SetBkColor', 1067892), ('ImageList_ReplaceIcon', 1067900), ('ImageList_Add', 1067908), ('ImageList_GetImageCount', 1067916), ('ImageList_Destroy', 1067924), ('ImageList_Create', 1067932), ('InitCommonControls', 1067940)]), ('shell32.dll#0', [('ShellExecuteA', 
1065068)]), ('wsock32.dll#0', [('WSACleanup', 1065076), ('WSAStartup', 1067948), ('WSAGetLastError', 1067956), ('WSAAsyncGetHostByName', 1067964), ('WSAAsyncSelect', 1067972), ('socket', 1067980), ('setsockopt', 1067988), ('send', 1067996), ('recv', 1068004), ('listen', 1068012), ('inet_ntoa', 1068020), ('inet_addr', 1068028), ('htons', 1068036), ('getsockname', 1068044), ('connect', 1068052), ('closesocket', 1068060), ('bind', 1068068), ('accept', 1068076)]), ('winmm.dll#0', [('PlaySoundA', 1065084)])])
Exception ignored on calling ctypes callback function: <bound method Uc._hookcode_cb of <unicorn.unicorn.Uc object at 0x73981023abc0>>
Traceback (most recent call last):
File "/home/domca/.local/lib/python3.10/site-packages/unicorn/unicorn.py", line 494, in _hookcode_cb
cb(self, address, size, data)
File "/home/domca/.local/lib/python3.10/site-packages/unipacker/core.py", line 232, in hook_code
self.sample.unpacker.dump(uc, self.apicall_handler, self.sample, self.unpack_path)
File "/home/domca/.local/lib/python3.10/site-packages/unipacker/unpackers.py", line 60, in dump
self.dumper.dump_image(uc, self.BASE_ADDR, self.virtualmemorysize, apicall_handler, sample, path)
File "/home/domca/.local/lib/python3.10/site-packages/unipacker/imagedump.py", line 458, in dump_image
hdr = self.fix_imports(uc, hdr, virtualmemorysize, total_size, dllname_to_functionlist, sample.original_imports)
File "/home/domca/.local/lib/python3.10/site-packages/unipacker/imagedump.py", line 511, in fix_imports
return super().fix_imports_by_rebuilding(uc, hdr, virtualmemorysize, total_size, dllname_to_functionlist)
File "/home/domca/.local/lib/python3.10/site-packages/unipacker/imagedump.py", line 209, in fix_imports_by_rebuilding
ptr_iat = self.find_iat(uc, hdr.base_addr, total_size, iat_array, dll_name)
File "/home/domca/.local/lib/python3.10/site-packages/unipacker/imagedump.py", line 138, in find_iat
with pe_write(uc, base_addr, total_size, self.brokenimport_dump_file, temporary=True):
File "/home/domca/.local/lib/python3.10/site-packages/unipacker/headers.py", line 487, in __init__
data = uc.mem_read(base_addr, total_size)
File "/home/domca/.local/lib/python3.10/site-packages/unicorn/unicorn.py", line 436, in mem_read
raise UcError(status)
unicorn.unicorn.UcError: Invalid memory read (UC_ERR_READ_UNMAPPED)
Pvpsmajlici.zip (I had to zip the file because GitHub would not let me upload it otherwise.)
