Hi,

I would like to know if a tut exists on this well-known protection.

First of all, it checks if SICE or TRW is loaded, of course.
(I installed SICE under NT2K Workstation, and TRW2K 1.22 under 98.)

I'm trying to reverse it with TRW2K and it just crash my PC when I launch any SoftlOCX protected programs. So let's the questions begin, 1, 2, 3, GO!

1. Will returned values be different on Win2K and 98 platforms if it finds SICE?

2. As TRW only runs under 98, how to bypass this check? Have I to install SICE under 98 too in order to compare the values if I doesn't find SICE or FrogICE/NTICE?

3. Which API to use? As LaZaRuS said in his essay, hmemcpy doesn't work nor GetWindowTextA but GetWindowTextLenght yes. Is it the same case or is it another API used to do this?

4. I've found the great util by Chafe[TMG]. Thanks him, he's a great reverser. He made an unwrapper of any SoftlOCX v5 protected progs and made reverser's lifes easier but anyway I want to fool this protection with my own hands. I've found a tut of LaZaRuS on Fusion v1 but I doesn't cover the same version of SoftlOCX so they had time to improve their protection till now.

5. Does anyone know how unpack this sort of protection? Like Chafe's util do but with a debugger? I'm very interested in

Sincerely,