Exetools  

Go Back   Exetools > General > General Discussion

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 10-10-2004, 23:24
LetMeIn
 
Posts: n/a
Question Vbox 4.6.2

Hi All -

I'm working on unwrapping an app contained in Vbox 4.6.2. I have found the OEP, found the "standard" Vbox code, performed the code injection, set the break on the infinite loop to check the new code and everything works fine. However, when I go back to Imprec there are lots of imports in the kernel32.dll that are still invalid. I have studied and followed a tut by Lunar_Dust and one by RemedY and I can't make any further headway.

Any suggestions??

Thanks
LetMeIn

One added piece of information - each one these invalid imports in the kernel32.dll are calls to the vbox routine that i patched.

Last edited by LetMeIn; 10-12-2004 at 08:30.
Reply With Quote
  #2  
Old 10-11-2004, 00:04
Eggi
 
Posts: n/a
try trace level 1,2 and 3 (in imprec)... one of them should help you to fix the iat .
Reply With Quote
  #3  
Old 10-27-2004, 00:15
LetMeIn
 
Posts: n/a
Manual IAT reconstruction

Is there a way to reconstruct the IAT without the use of Imprec, revirgin, etc.? I know that this is or would be taking the "scenic route," but I'm curious. The semi-manual process does not seem to be working for me.
Reply With Quote
  #4  
Old 10-27-2004, 01:05
hosiminh hosiminh is offline
Friend
 
Join Date: Aug 2004
Posts: 203
Rept. Given: 2
Rept. Rcvd 1 Time in 1 Post
Thanks Given: 0
Thanks Rcvd at 4 Times in 4 Posts
hosiminh Reputation: 1
Look here:

In english
h**p://mup.anticrack.de/PETut.html
h**p://www.absolutelock.de/construction/infobase.html

and here:

In spanish
h**p://www.crackslatinos.hispadominio.net/miembros/teorias/t241-260.htm

253 Import tables a mano 1/4
254 Import tables a mano 2/4
255 Import tables a mano 3/4
256 Import tables a mano 4/4

Maybe someone has got english version incase you do not understand spanish
Reply With Quote
  #5  
Old 10-29-2004, 11:10
LetMeIn
 
Posts: n/a
I have English copies of the Ricardo tuts. My question is this, is the target exe file the only file that needs unpacking? I remember reading a post in either this forum or the woodman forum that there are possibly three files - the target exe and two vbox dlls. These three files are the ones that have PREVIEW listed as a section header. Does that sound right?
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
VBOX upnacking question ReVeR General Discussion 20 06-17-2005 22:37


All times are GMT +8. The time now is 23:26.


Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( 1998 - 2024 )