ASprotect Problem

[p4r4d0x]

Scanning -> C:\Documents and Settings\rea\Desktop\TunnelCAD.lnk
Link Resolved to -> C:\Program Files\IQSoft\TunnelCAD\1.7\TunnelCAD.exe
File Type : 32-Bit Exe (Subsystem : Win GUI / 2), Size : 785920 (0BFE00h) Byte(s)
[File Heuristics] -> Flag : 00000000000000001100000000100010 (0x0000C022)
[!] ASProtect SKE v2.3 - v2.5 detected !


And with Peid : ASProtect 1.33 - 2.1 Registered -> Alexey Solodovnikov *

and from vera2 : [TunnelCAD], [1.07.0006],
[2.3 build 06.26 Beta], [name].

I tried to unpack it with all scripts for Asprotect ... No Chance!
I tried with Winxp with Decomas 1.7 beta + ollydb Codedoctor
and is unpacked BUT the problem is that the application runs and sends an error 53 ( is writed on vb5!) and then kill it self!

Then i start back again scripting and i found that there is an issue at the IAT
you gone see that with the scripts it gona send you IAT = 401334 VA = 1000 and SIZE = 150 and when you go with the import fixer Dosent find it valid!!!


Any suggestions?

[cybercoder]

google this ... run-time error:'53': file not found

[p4r4d0x]

thats not the solution cause you dont know what file is missing !!!

[cybercoder]

Unable to even download so can't help really...

[sendersu]

Quote:

Originally Posted by p4r4d0x

thats not the solution cause you dont know what file is missing !!!

if the app looks for some file and its missed most easiest way would be to use procmon tool and figure it out (or any other FS monitoring utility)

[dosprog]

Quote:

Originally Posted by p4r4d0x

thats not the solution cause you dont know what file is missing !!!

1) How to I can switch language of proggy to english? (INI-faile string "Language=2" not gives effect).
2) Test this ->Loader<- and tell me what limitations [and errors occured] in proggy launched with it.

[p4r4d0x]

Quote:

Originally Posted by sendersu

if the app looks for some file and its missed most easiest way would be to use procmon tool and figure it out (or any other FS monitoring utility)

Event Class: File System
Operation: CreateFile
Result: NAME INVALID
Path: C:\Program Files\IQSoft\TunnelCAD\1.7\ÿÿÿÿ.DLL
TID: 3352
Duration: 0.0000120
Desired Access: Read Attributes
Disposition: Open
Options: Open Reparse Point
Attributes: n/a
ShareMode: Read, Write, Delete
AllocationSize: n/a

https://image.ibb.co/iCc7mJ/Screen_Shot_2018_05_18_at_8_18_06_AM.png

[p4r4d0x]

Quote:

Originally Posted by dosprog

1) How to I can switch language of proggy to english? (INI-faile string "Language=2" not gives effect).
2) Test this ->Loader<- and tell me what limitations [and errors occured] in proggy launched with it.

for the lang sorry my mistake at TunnelCad.cfg you can put 2
incorect version.. thats all

[p4r4d0x]

Quote:

Originally Posted by cybercoder

Unable to even download so can't help really...

heres the main setup : http://dropmefiles.com/n1HUt File Size: 18.1mb

[cybercoder]

on an xp virtual machine you could use wkt vb6 pcode debugger to find your problem... not going to tell you how what's the fun in that... But you can fix it with this..

[dosprog]

Quote:

Originally Posted by p4r4d0x

for the lang sorry my mistake at TunnelCad.cfg you can put 2
incorect version.. thats all

1) "Language=2" in INI-file give no effect.
2) Loader - run it where ORIGINAL PACKED file TunnelCAD.EXE v.1.7.6.1 placed. Where it is installed.

[p4r4d0x]

Quote:

Originally Posted by dosprog

1) "Language=2" in INI-file give no effect.
2) Loader - run it where ORIGINAL PACKED file TunnelCAD.EXE v.1.7.6.1 placed. Where it is installed.

Really it works..!!! Nice work ! My problem bro is what Im doing wrong with this protection.. can you help me just for Knowledge! what actions did you take and where i have to focus?

By the way thanks again!

[dosprog]

Quote:

Originally Posted by p4r4d0x

[..] what Im doing wrong with this protection.. [..]

Also don't know, I'll look later


--Add--

Use Q&D patch (File tc1761.CRK) :

Quote:

TunnelCAD 1.7.6.1
UnPacked

Skip starting nag (Error 53)
TunnelCAD.exe
.005612D8: 0B 14
.0055497F: 1C 1E

Can use CRACKER.EXE for apply this patch.



--Add2--
.. but program works strange. Fucked vbasic ..