Exetools  

  #1  
Old 09-10-2004, 09:42
Spotted Horse
 
Visual Protect

I have a target that is protected with Visual Protect and I haven't found very much info on unpacking it. If someone could point me in the right direction I would be most grateful.

I found one tut on unpacking with TRW, and I'm using Olly.
  #2  
Old 09-10-2004, 10:01
bukkake
I have a tut for OllyDbg, but it's in French. I'll upload it if you want it; it's easy to understand, the screenshots explain everything. If not, post the target here, I'm sure someone will write one for you or guide you on how to unpack it.
  #3  
Old 09-10-2004, 10:52
Spotted Horse
 
Thanks

I can't download it if you posted it here (the tut), I don't have enough posts to make downloads!

The target is Stormpredator; it can be downloaded from here: h**p://www.stormpredator.com

Many thanks, bukkake

Last edited by Spotted Horse; 09-10-2004 at 10:55.
  #4  
Old 09-10-2004, 11:22
bukkake
Must be your lucky day: the tut I have is for an old version of StormPredator, but it still works for the new version, I just tried it.
Since you can't download, I'll try to explain here.
Run Olly, and set it like this (Options->Debugging options):
In SFX: "Trace entry real blockwise", and enable "Pass exceptions to SFX extractor".

Load the target, press F9, you get that "Visual Protect trial" box, click the "try" button, then let OllyDbg trace it. It will land in the EOP (0047CAE0), then dump the target. Start ImportRec, enter the EOP (7CAE0), then press "Get import", then "show invalid", then click "Autotrace"; it will take a few seconds, so just be patient. Delete the thunk at RVA 00083818, double click thunk RVA 003B00E0, choose module "kernel32.dll", then scroll down to "Kernel32.GetProcAddress", should be "ord:0191", select it then click ok, then click "Fix dump", and choose the file you dumped with OllyDbg. Target unpacked and no more nag window.
  #5  
Old 09-10-2004, 14:06
nikkov
 
I made a license for VisualProtect itself and XNView DeLuxe (first version).
It's very easy and needs only VisualProtect, that's all!!!
  #6  
Old 09-10-2004, 23:57
Spotted Horse
 
I have a bug in Windows XP and ImpREC gives me a message that it can't run tracer!?!?!? I followed your post to a tee, but this damn Windows XP is the biggest pain in the ass after you have a virus in the system!!! SnagIt, Evidence Eliminator, Internet Explorer (I'm running Opera) and 4 other programs have the same problem as ImpREC... they don't run right!

Thanks a million for the tut, bukkake; it's just turned out to be a waste of time for us all until I get Windows fixed.

Last edited by Spotted Horse; 09-11-2004 at 05:11.
All times are GMT +8.