|
|
|
|
#1
06-24-2004, 18:29
|
|||
|
|||
|
Tweak XP Pro 3.04
Have anyone tried to unpack Tweak XP Pro 3.04 (SVPK-packed) yet? Seems like the "old" way of unpacking SVPK is useless. I have tried to do it, but with no success so far...
hobgoblin 
|
|
#2
06-27-2004, 00:39
|
|||
|
|||
|
check here:
hxxp://tsrh.watchout.ru/index.php?act=ST&f=3&t=14125& . now check attached loader... extract it to program dir.. hide your debugger . i used SICE for this task ... run load it!.exe .. before running it .. do bpint3 on your debugger .. when SICE breaks .. you'll be at OEP (9090... because stolen bytes) write back 90 and do a eip then jmp eip and dump! this is for full version of 3.0.4 Pro 
|
|
#3
06-27-2004, 04:00
|
|||
|
|||
|
Hmmm...
Doesn't seem to work for me. When I follow your method, Sice breaks in the area 0x8xxxxxxx. Then it reboots my machine. (I'm on XP, Driverstudio 3.1 and IceExt 0.64).
Any good ideas? regards,
|
|
#4
06-27-2004, 09:58
|
|||
|
|||
|
then something most be wrong with your SICE or not well hidden .. then SICE detection reboots your machine somehow ... at OEP there's NOP data 9090909090 ... the loader will write CC at 00401380
when you do bpint3 SICE should break and then you'll be able to write back 90 then you'll be able to dump .. maybe you're trying with the DEMO version?? i wrote this was for full version .. i haven't try with the DEMO.. OEP location most be difference for it.  anway you can try any other method to be able to reach OEP and dump.. now you know where is OEP 
Last edited by Crk; 06-27-2004 at 10:06.
|
|
#5
06-27-2004, 23:33
|
|||
|
|||
|
I have an old script for svkp try to use it , and don't pay attention to the msg. displayed, it isn't meant for vb targets. try it.here it is.
|
|
#6
06-28-2004, 00:44
|
|||
|
|||
|
@Crk, are you saying that you have dumped a working executable of the program? if so I like to have it.
|
 |
|
|
Hybrid Mode
