hi

I'm trying to remove envelope from HASP HL protected software. The problem is, that when I try to resolve APIs with Imprec (level3, trap flag tracer) application suddenly terminates. It's obvious that the envelope somehow detects my manipulations.

HL implements techniques different than SL - IsDebuggerPresent / ZwQuery.. trick is not the case.

I tried HideToolz v2 to hide ImpRec, but this wasn't helpful. OllyDbg ExeCryptor edition isn't detected by the envelope, but this mod. contains so many plugins that deactivating every single one just to check if it's triggers detection would be pretty boring.

My questions is: does anyone here had similiar problem? I'm not familiar with antidebugging techniques and I've no idea how the detection is performed.

Regards,
Pii

Disclaimer: I am not an expert in unpacking.

BUT: ImpRec built in resolution methods have been, for the most part, bypassed and neutralized by crypters/packers since the early 2000s, so I would NOT relay on them at all for API resolution very much in any new software package.

What you are describing is an anti ImpRec device indeed but the way to bypass it is probably not an anti Imprec detection plug-in but analyzing the software API redirection tricks.

I hope other, more hands on people in here can give you more specific advice

I found this in my harddisk; probably can help you...

CRACK DELETED

cEnginEEr:

Apparently you STILL HAVE NOT READ THE FRIGGIN FAQ!!!

Had you previously done so, you would know better than to post CRACKS on this FORUM!!

Now actually READ THE FAQ and follow its Rules or suffer the consequences! You will not be warned again, you will just be a "goner"!

Regards,

Sorry JMI; I didn't mean violation of rules...but did you read the pdf; it wasn't a crack; just a tutorial on how to remove Hasp-hl envelope.

Well, it was 3:00 am, my time, when I looked at your previous post and I can't think why anyone would believe something labled "Hasp-HL Crack" might actually be a "CRACK."

However, I DID look at the attached file before I posted my Reply and in the first page it contains the following statement:

"This document explains how to crack and bypass the security of HASP-HL"



Now, DID YOU READ THE FRIGGIN FAQ????

Which part of:

"DO NOT POST THE NAME OF THE SOFTWARE COMPANY THAT MAKES THE PROGRAM. DO NOT POST TARGET SPECIFIC CODE THAT INCLUDES THE NAME OF THE TARGET: this means do not post code that shows where and how to patch/keygen blah blah blah on a specific target"

DO YOU NOT UNDERSTAND?????

Which part of YOUR BRAIN fails to grasp that posting "specific code" which shows how one might "remove" a "specific software protection system" violates this prohibition?

One of the other Rules also "mentioned" in the FAQ is that posters are required to "search" for their own solutions to their problems BEFORE they post their questions in these Forums. Assuming that this "attachment" actually works, all you should have done was to remind the poster that if he searched on the net, HE should find discussion of what HE was attempting to accomplish.

Regards,

I`m use Olly + Olly Advanced 1.26 b10 - and all work fine Hasp HL envelope cant find Olly. And Imprec - try use in manual mode.

It turned out that the newest HASP envelope incorporates techniques to defeat ImpRec's tracers, so this couldn't work.
I wrote some Olly scripts and recovered all imports successfully, tho .

I won't post them, since that's against the friggin FAQ.