Elicense/Vprotect unpacking
SKiLLa
Posted: Wed Jul 19, 2006 12:49 pm

Yes, it's true. Just check the WinInternals.com site ... or check SysInternals.com and read Mark's blog, but the latter site is terribly slow due to the news :cool:
umk
Posted: Fri Sep 08, 2006 9:37 am    Post subject: no Trial button

Is it possible to unpack eLicense when there is no trial button? Cuz I found some targets that do not give you any free trial.
slipz
Posted: Sat Sep 09, 2006 4:16 pm    Post subject: Re: no Trial button

umk wrote:
Is it possible to unpack eLicense when there is no trial button? Cuz I found some targets that do not give you any free trial.


I've been trying this myself, no luck as yet though.
Soul12
Posted: Mon Sep 11, 2006 10:42 pm

Yes it is... so keep trying :razz:
_________________
Once The Digital War Comes , Crackers Will rule the world
slipz
Posted: Mon Oct 23, 2006 6:11 pm

Are you sure that it's possible? I've nearly pulled all my hair out!
w00t
Posted: Sun Nov 19, 2006 10:17 pm

Easy protection, the crackers nowadays are worthless it seems :cry:

haggar wrote:


I have no idea why OEP bytes are changed, I didn't go too much into it.



The .text section data gets decrypted. Because Olly hooks it (and hides that for you), the block at the OEP gets wrong opcodes.
Anyway, put a hardware breakpoint on it and you can get back the correct code by watching the stack when you break. (OEP starts with 2 pushes)

Soul12 wrote:


I've unpacked it.. found OEP... restored IAT... but yet it fails to run correctly..



Did you even know what you did? Or did you just press some buttons?
Most of the imports are redirected. Inside the simple redirector the correct import RVA gets calculated and then it jumps to it. Get the correct RVAs, patch them in place of the RVA of the redirector.

My import solution:

Code:


Target: C:\Program Files\Sports Interactive\OOTP Baseball 2006\ootp2006.exe
OEP: 004F1561   IATRVA: 00551000   IATSize: 00000260

FThunk: 00551000   NbFunc: 00000003
1   00551000   gdi32.dll   024B   StretchDIBits
1   00551004   gdi32.dll   022C   SetMapMode
1   00551008   gdi32.dll   0239   SetStretchBltMode

FThunk: 00551010   NbFunc: 00000060
1   00551010   kernel32.dll   0151   GetEnvironmentVariableA
1   00551014   kernel32.dll   02B1   ReleaseMutex
1   00551018   kernel32.dll   005D   CreateMutexA
1   0055101C   kernel32.dll   0169   GetLastError
1   00551020   kernel32.dll   02FE   SetEndOfFile
1   00551024   kernel32.dll   02FF   SetEnvironmentVariableA
1   00551028   kernel32.dll   0039   CompareStringW
1   0055102C   kernel32.dll   0038   CompareStringA
1   00551030   kernel32.dll   013D   GetCurrentProcessId
1   00551034   kernel32.dll   0292   QueryPerformanceCounter
1   00551038   kernel32.dll   0242   LoadLibraryA
1   0055103C   kernel32.dll   0297   RaiseException
1   00551040   kernel32.dll   0050   CreateFileA
1   00551044   kernel32.dll   0322   SetStdHandle
1   00551048   kernel32.dll   016E   GetLogicalDriveStringsA
1   0055104C   kernel32.dll   0040   CopyFileA
1   00551050   kernel32.dll   0174   GetModuleFileNameA
1   00551054   kernel32.dll   0381   WriteConsoleA
1   00551058   kernel32.dll   01AF   GetStdHandle
1   0055105C   kernel32.dll   000A   AllocConsole
1   00551060   kernel32.dll   01D2   GetTickCount
1   00551064   kernel32.dll   00BF   FatalAppExitA
1   00551068   kernel32.dll   01F6   GlobalLock
1   0055106C   kernel32.dll   01EB   GlobalAlloc
1   00551070   kernel32.dll   01B9   GetSystemInfo
1   00551074   kernel32.dll   01DC   GetVersionExA
1   00551078   kernel32.dll   00EE   FreeConsole
1   0055107C   kernel32.dll   02C5   RtlUnwind
1   00551080   kernel32.dll   01BE   GetSystemTimeAsFileTime
1   00551084   kernel32.dll   0209   HeapFree
1   00551088   kernel32.dll   020D   HeapReAlloc
1   0055108C   kernel32.dll   0203   HeapAlloc
1   00551090   kernel32.dll   00B7   ExitProcess
1   00551094   kernel32.dll   0198   GetProcAddress
1   00551098   kernel32.dll   0176   GetModuleHandleA
1   0055109C   kernel32.dll   0347   TerminateProcess
1   005510A0   kernel32.dll   013C   GetCurrentProcess
1   005510A4   kernel32.dll   01AD   GetStartupInfoA
1   005510A8   kernel32.dll   010A   GetCommandLineA
1   005510AC   kernel32.dll   0082   DeleteFileA
1   005510B0   kernel32.dll   025E   MoveFileA
1   005510B4   kernel32.dll   00CD   FindClose
1   005510B8   kernel32.dll   00C4   FileTimeToSystemTime
1   005510BC   kernel32.dll   00C3   FileTimeToLocalFileTime
1   005510C0   kernel32.dll   00D1   FindFirstFileA
1   005510C4   kernel32.dll   00DA   FindNextFileA
1   005510C8   kernel32.dll   0097   EnterCriticalSection
1   005510CC   kernel32.dll   0241   LeaveCriticalSection
1   005510D0   kernel32.dll   02B3   RemoveDirectoryA
1   005510D4   kernel32.dll   014C   GetDriveTypeA
1   005510D8   kernel32.dll   0048   CreateDirectoryA
1   005510DC   kernel32.dll   0080   DeleteCriticalSection
1   005510E0   kernel32.dll   034C   TlsAlloc
1   005510E4   kernel32.dll   0314   SetLastError
1   005510E8   kernel32.dll   013F   GetCurrentThreadId
1   005510EC   kernel32.dll   034D   TlsFree
1   005510F0   kernel32.dll   034F   TlsSetValue
1   005510F4   kernel32.dll   034E   TlsGetValue
1   005510F8   kernel32.dll   020F   HeapSize
1   005510FC   kernel32.dll   0234   LCMapStringA
1   00551100   kernel32.dll   037F   WideCharToMultiByte
1   00551104   kernel32.dll   0265   MultiByteToWideChar
1   00551108   kernel32.dll   0235   LCMapStringW
1   0055110C   kernel32.dll   0207   HeapDestroy
1   00551110   kernel32.dll   0205   HeapCreate
1   00551114   kernel32.dll   036E   VirtualFree
1   00551118   kernel32.dll   036B   VirtualAlloc
1   0055111C   kernel32.dll   0228   IsBadWritePtr
1   00551120   kernel32.dll   0307   SetFilePointer
1   00551124   kernel32.dll   0255   LockResource
1   00551128   kernel32.dll   015F   GetFileType
1   0055112C   kernel32.dll   01D5   GetTimeZoneInformation
1   00551130   kernel32.dll   02A4   ReadFile
1   00551134   kernel32.dll   0032   CloseHandle
1   00551138   kernel32.dll   038C   WriteFile
1   0055113C   kernel32.dll   0358   UnhandledExceptionFilter
1   00551140   kernel32.dll   00EF   FreeEnvironmentStringsA
1   00551144   kernel32.dll   014E   GetEnvironmentStrings
1   00551148   kernel32.dll   00F0   FreeEnvironmentStringsW
1   0055114C   kernel32.dll   0150   GetEnvironmentStringsW
1   00551150   kernel32.dll   00E7   FlushFileBuffers
1   00551154   kernel32.dll   0162   GetFullPathNameA
1   00551158   kernel32.dll   013A   GetCurrentDirectoryA
1   0055115C   kernel32.dll   0216   InitializeCriticalSection
1   00551160   kernel32.dll   021B   InterlockedExchange
1   00551164   kernel32.dll   0373   VirtualQuery
1   00551168   kernel32.dll   0333   SetUnhandledExceptionFilter
1   0055116C   kernel32.dll   0225   IsBadReadPtr
1   00551170   kernel32.dll   0222   IsBadCodePtr
1   00551174   kernel32.dll   00F7   GetACP
1   00551178   kernel32.dll   018B   GetOEMCP
1   0055117C   kernel32.dll   00FE   GetCPInfo
1   00551180   kernel32.dll   01B0   GetStringTypeA
1   00551184   kernel32.dll   01B3   GetStringTypeW
1   00551188   kernel32.dll   016C   GetLocaleInfoA
1   0055118C   kernel32.dll   0371   VirtualProtect

FThunk: 00551194   NbFunc: 00000001
1   00551194   shell32.dll   0167   ShellExecuteA

FThunk: 0055119C   NbFunc: 00000023
1   0055119C   user32.dll   01B8   LoadCursorA
1   005511A0   user32.dll   01BC   LoadIconA
1   005511A4   user32.dll   0217   RegisterClassA
1   005511A8   user32.dll   0096   DestroyCursor
1   005511AC   user32.dll   010F   GetDesktopWindow
1   005511B0   user32.dll   0100   GetClientRect
1   005511B4   user32.dll   029A   SystemParametersInfoA
1   005511B8   user32.dll   0061   CreateWindowExA
1   005511BC   user32.dll   0281   SetWindowLongA
1   005511C0   user32.dll   01EA   MoveWindow
1   005511C4   user32.dll   000E   BeginPaint
1   005511C8   user32.dll   00C9   EndPaint
1   005511CC   user32.dll   01DD   MessageBoxA
1   005511D0   user32.dll   009A   DestroyWindow
1   005511D4   user32.dll   0293   ShowWindow
1   005511D8   user32.dll   0021   ChangeDisplaySettingsA
1   005511DC   user32.dll   022B   ReleaseDC
1   005511E0   user32.dll   010D   GetDC
1   005511E4   user32.dll   0122   GetKeyState
1   005511E8   user32.dll   015E   GetSystemMetrics
1   005511EC   user32.dll   028F   ShowCursor
1   005511F0   user32.dll   01EC   MsgWaitForMultipleObjectsEx
1   005511F4   user32.dll   02AB   TranslateMessage
1   005511F8   user32.dll   00A2   DispatchMessageA
1   005511FC   user32.dll   01FE   PeekMessageA
1   00551200   user32.dll   024E   SetCursor
1   00551204   user32.dll   01A0   IsClipboardFormatAvailable
1   00551208   user32.dll   0043   CloseClipboard
1   0055120C   user32.dll   0102   GetClipboardData
1   00551210   user32.dll   01F4   OpenClipboard
1   00551214   user32.dll   024B   SetClipboardData
1   00551218   user32.dll   00C2   EmptyClipboard
1   0055121C   user32.dll   008F   DefWindowProcA
1   00551220   user32.dll   02A4   TrackMouseEvent
1   00551224   user32.dll   0045   CloseWindow

FThunk: 0055122C   NbFunc: 0000000C
1   0055122C   wsock32.dll   000C   ioctlsocket
1   00551230   wsock32.dll   0004   connect
1   00551234   wsock32.dll   0015   setsockopt
1   00551238   wsock32.dll   0017   socket
1   0055123C   wsock32.dll   0074   WSACleanup
1   00551240   wsock32.dll   0034   gethostbyname
1   00551244   wsock32.dll   0009   htons
1   00551248   wsock32.dll   0010   recv
1   0055124C   wsock32.dll   0013   send
1   00551250   wsock32.dll   006F   WSAGetLastError
1   00551254   wsock32.dll   0003   closesocket
1   00551258   wsock32.dll   0073   WSAStartup



Get some brains, crack yourself.

Regards
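Added example (not part of w00t's post or of any tool mentioned in the thread): a consistency check for an import listing in the layout posted above. It assumes `FThunk` is the first thunk address of a block, `NbFunc` a hex entry count, the first column of each entry a valid flag, and 4-byte thunks; the sample is a shortened excerpt of the listing in the post.

```python
import re
from collections import Counter

# Assumed layout: header = OEP / IAT start / IAT size; block = first thunk / count (hex);
# entry = valid flag, thunk address, module, hint (hex), function name.
HEADER = re.compile(r"OEP:\s*([0-9A-F]+)\s+IATRVA:\s*([0-9A-F]+)\s+IATSize:\s*([0-9A-F]+)", re.I)
BLOCK = re.compile(r"FThunk:\s*([0-9A-F]+)\s+NbFunc:\s*([0-9A-F]+)", re.I)
ENTRY = re.compile(r"^([01])\s+([0-9A-F]{8})\s+(\S+)\s+([0-9A-F]{4})\s+(\S+)$", re.I)
THUNK_SIZE = 4  # assumption: 32-bit image, one 4-byte slot per import

# Shortened excerpt of the listing above (header, gdi32 and shell32 blocks).
SAMPLE = """\
OEP: 004F1561   IATRVA: 00551000   IATSize: 00000260
FThunk: 00551000   NbFunc: 00000003
1   00551000   gdi32.dll   024B   StretchDIBits
1   00551004   gdi32.dll   022C   SetMapMode
1   00551008   gdi32.dll   0239   SetStretchBltMode
FThunk: 00551194   NbFunc: 00000001
1   00551194   shell32.dll   0167   ShellExecuteA
"""

def check_listing(text):
    """Return (imports per module, list of inconsistencies found)."""
    modules, problems = Counter(), []
    iat_start = iat_end = None
    expected, remaining = None, 0
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if m := HEADER.search(line):
            iat_start = int(m[2], 16)
            iat_end = iat_start + int(m[3], 16)
        elif m := BLOCK.search(line):
            if remaining:
                problems.append(f"line {n}: previous block is {remaining} entries short")
            expected, remaining = int(m[1], 16), int(m[2], 16)
        elif m := ENTRY.match(line):
            addr = int(m[2], 16)
            if remaining == 0:
                problems.append(f"line {n}: entry beyond the block's NbFunc")
            elif addr != expected:
                problems.append(f"line {n}: thunk {addr:08X}, expected {expected:08X}")
            if iat_start is not None and not iat_start <= addr < iat_end:
                problems.append(f"line {n}: thunk {addr:08X} outside the IAT range")
            if m[1] == "0":
                problems.append(f"line {n}: {m[5]} is flagged as unresolved")
            modules[m[3].lower()] += 1
            expected, remaining = addr + THUNK_SIZE, max(remaining - 1, 0)
    if remaining:
        problems.append(f"end of listing: last block is {remaining} entries short")
    return dict(modules), problems
```

An empty problem list means every block holds exactly `NbFunc` contiguous entries inside the declared IAT range.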
Soul12
Posted: Thu Dec 14, 2006 11:59 pm

wow... you're some cracker... unlike you we finished this thing long ago, and apparently you felt like your ego needed a boost... you are truly amazing... wow your skills blind me.. did you really resolve all those APIs yourself! WOW! ...

frankly I'm speechless at how some ppl act.. and I love clicking buttons... they are sooooooooo shiny.. moron!

Quote:
thnx 2 haggar for finding my error... when the program is loaded in a debugger it never decrypts the .exe completely.. and leaves not only OEP but large parts of the program broken... and I've never seen this before... thnx 2 haggar!


so plz get some brain and possibly some manners yourself

_________________
Once The Digital War Comes , Crackers Will rule the world
jstorme
Posted: Fri Dec 15, 2006 1:58 pm

deleted

Last edited by jstorme on Tue Dec 26, 2006 10:33 pm; edited 1 time in total
w00t
Posted: Tue Dec 26, 2006 7:52 pm

Soul12 wrote:
wow... you're some cracker... unlike you we finished this thing long ago, and apparently you felt like your ego needed a boost... you are truly amazing... wow your skills blind me.. did you really resolve all those APIs yourself! WOW! ...

frankly I'm speechless at how some ppl act.. and I love clicking buttons... they are sooooooooo shiny.. moron!


Yeye, go back to where you came from. I'm sure you would have left a message here if you fixed it, kid. Perhaps you don't know, but it's because of people like you that the whole reversing community stinks. It used to be way better years ago with a lot more skilled people.
bpx
Posted: Wed Dec 27, 2006 7:41 pm    Post subject: bah

Bah, blatant flamebait.

I remember when I was completely new to cracking. The only way I learned was by the tutes and forum threads of more outgoing new crackers.

Quote:

but it's because of people like you that the whole reversing community stinks.


BIW was made to help educate people, not turn them away or shame them. Please don't answer questions with a condescending holier-than-thou attitude.

Hate to sound like a right winger American, but...
If you don't like it, you can leave. :lol:

Quote:

It used to be way better years ago with a lot more skilled people.


What happened to all the old time crackers that were so great?
Maybe they actually grew up :cool:

You're just having a bad day w00t, go cool off for a bit...
All times are GMT + 1 Hour