Exetools  

  #1  
Old 11-25-2003, 05:13
ysco
 
Posts: n/a
Need help with Crunch/PE 3.0.0.x 4.0.0.x >Bitarts

Hello, I have a question about this protection.
I have a proggie called Driver guide Toolkit that has this protection. I have scanned it with Stud-PE but I couldn't find a proggie for unpacking this protection. I have also searched here on the forum but I could not find a direct answer (maybe I overlooked it).

But can someone tell me how to unpack this proggie? And for your info I am a learning newbie, guys, so please not too difficult with the explaining.

Thanks in advance.

ysco.
  #2  
Old 11-25-2003, 06:21
lonewolf55
 
Posts: n/a
Re: Need help with Crunch/PE 3.0.0.x 4.0.0.x >Bitarts

Quote:
Originally posted by ysco
Hello, I have a question about this protection.
I have a proggie called Driver guide Toolkit that has this protection. I have scanned it with Stud-PE but I couldn't find a proggie for unpacking this protection. I have also searched here on the forum but I could not find a direct answer (maybe I overlooked it).

But can someone tell me how to unpack this proggie? And for your info I am a learning newbie, guys, so please not too difficult with the explaining.

Thanks in advance.

ysco.
do you mean from here ---> hxxp://www.driverguidetoolkit.com/
  #3  
Old 11-25-2003, 06:51
ysco
 
Posts: n/a
Yep, that's the site, lonewolf55. Have you any info about it????

Thanks.

ysco.
  #4  
Old 11-25-2003, 07:02
lonewolf55
 
Posts: n/a
Ok I just downed the progie "dgt.exe" and then I right clicked on it and selected "extract files" ... ... I have winrar installed on win 2K .... it extracted the files to the directory dgt..

then I used "installshield cabinet file viewer version 6.21" and this allows me to start inspection....

I have not gone any further than this yet
  #5  
Old 11-25-2003, 07:53
ysco
 
Posts: n/a
I have looked for that proggie you mention on Google but couldn't find a valid link.
Will also look if it is on the ftp here.
But what does the proggie do? Can you also disassemble/debug the exe file, or can you only view the file? Because if that is the only thing then we still have the problem that it is packed.

ysco.
  #6  
Old 11-25-2003, 22:42
lonewolf55
 
Posts: n/a
well I'm not sure the progie I used will help any at all, it was just something I used just to get a general look at the installation method and allow me to get an idea of how to approach reversing

this tool won't reverse or modify any exe file, just for partial inspection

I don't remember where I found it; it says DL'ed from playtoys but I think that's not where I found it...

anyway I do not see it here so I will attach....

scanned no bugs found ----->
Attached Files
File Type: zip iscab.zip (374.4 KB, 30 views)
  #7  
Old 11-25-2003, 23:17
lonewolf55
 
Posts: n/a
next thing you might wish to do is de-compile the "setup.inx" script file

find a progie called "sid.zip"

quote from readme:

[sid] - installshield 6/7 script decompiler
v1.0 written by sn00pee

introduction
------------
sid is designed to decompile installshield .inx scripts created with
installshield 6 or 7. additionally it allows the user to take a few
changes to the code and patch the script.

END quote

I found this file at protools.com
  #8  
Old 11-26-2003, 06:26
ysco
 
Posts: n/a
Thanks for the help, buddy, will try it again

Hmm, I have checked it just right now and if I look at the setup.inx and try to load it with sid then it says ((no valid installshield 6 file))

Am I doing something wrong????

ysco.

Last edited by ysco; 11-26-2003 at 06:49.
  #9  
Old 11-26-2003, 06:37
Jay Jay is offline
VIP
 
Join Date: Feb 2002
Posts: 249
Rept. Given: 31
Rept. Rcvd 3 Times in 3 Posts
Thanks Given: 15
Thanks Rcvd at 13 Times in 5 Posts
Jay Reputation: 3
?

ysco,
check your PM, the dll's in the cab file can be extracted with winrar, or am I missing something?
  #10  
Old 11-26-2003, 06:43
lonewolf55
 
Posts: n/a
well, I hope it helps, it may not be the correct way to reverse this progie but I'm sure it can be done this way....

being I'm a stubborn old goat, I like to attack the setup methods first before I try to un-fuuk the installed apps lol

if anyone else has ideas please post, I'm learning too
  #11  
Old 11-26-2003, 06:47
lonewolf55
 
Posts: n/a
Re: ?

Quote:
Originally posted by Jay
ysco,
check your PM, the dll's in the cab file can be extracted with winrar, or am I missing something?
was no mention of extracting dll's from cab file with winrar
  #12  
Old 11-26-2003, 06:54
Jay
what are you trying to do

I'm not sure what it is you are trying to do with script decompilers; the exe is packed with crunch, and as far as I can see that is what ysco wanted to unpack.
  #13  
Old 11-26-2003, 06:57
lonewolf55
 
Posts: n/a
Re: what are you trying to do

Quote:
Originally posted by Jay
I'm not sure what it is you are trying to do with script decompilers; the exe is packed with crunch, and as far as I can see that is what ysco wanted to unpack.
what I was looking at was the actual installer, not the program after the installer had installed it.

edit:
after decompiling the setup.inx script I was looking at code such as this ---->

begin
/* 0000561C: 0022 */ // -- Begin Function Code -- //
/* 00005625: 0006 */ s0000 = g_str0008;
/* 0000562F: 0021 */ function_011C(0x00000001, s0000);
/* 0000563D: 0021 */ function_00ED("PRODUCT_KEY");
/* 00005651: 0006 */ s0001 = LAST_RESULT;
/* 0000565B: 0014 */ s0001 = s0000 ^ s0001;
/* 00005668: 0021 */ function_011C(0x00000002, s0001);
/* 00005676: 0024 */ return;
/* 0000567A: 0026 */ // -- Create Local Variables -- //
end;

Last edited by lonewolf55; 11-26-2003 at 07:04.
  #14  
Old 11-26-2003, 07:03
Jay
oh, carry on then :)

still can't see how that relates to
Quote:
But can someone tell me how to unpack this proggie
seem to have our lines crossed somewhere, guess I'll butt out.
  #15  
Old 11-26-2003, 07:06
lonewolf55
 
Posts: n/a
Re: oh, carry on then :)

Quote:
Originally posted by Jay
still can't see how that relates to


seem to have our lines crossed somewhere, guess I'll butt out.
no problems .. please if you can help please post more .. as I said I'm learning also