What it does:
-------------
The Dll works almost as the original Qunpack program. Essentially what is done is:
?set some hardware breakpoint into the debugged process
?find the OEP, using some custom method (if the target program is packed by FSG 1.33,
ASPack 2.12 or UPX 1.2x, the OEP is found using an own technology) or the code of the
GenOEP.dll (included inside, so no need of external dlls)
?dump process to previously allocated buffer.
?rebuild dump and realign it.
?rebuild the import table (using some code taken from ImpRec)
**********************************************************************************************
Resource Tweaker
Resource Tweaker is an extension for the CFF Explorer, which makes it possible for older resource editors such as Resource Hacker to edit PE64 files (you can edit all non-x86 PEs). Win32 resources haven't changed much (what changed are bitmaps, icons, cursors which can be edited with the CFF Explorer), although the PE format has. It doens't make much sense to reinvent the wheel, since, through this extension, you can keep using your favourite resource editor. This extension works 100%.
***********************************************************************************************
PE Validator Script
-- check CRC32 (useful for drivers)
-- check number of rva and sizes
-- check image size
-- check sections
-- check that EP is valid
-- check that EP is in code
-- check that the EP section is executable
-- check data directories RVAs
-- check whether the API IsDebuggerPresent is imported
***********************************************************************************************
QUnpackDll跟ResourceTweaker解压后放进NTCore's Explorer Suite安装目录\Extensions\CFF Explorer\即可
程序重新启动就可以用了,其中ResourceTweaker内附的ResHacker.exe本来是英文版,我加进中文版的需要的可以自行替换
把ResHacker中文版.exe或ResHacker英文版.exe改成ResHacker.exe即可
