Hi All,

Back on this forum after 10 years away!

My target is protected with PEncrypt4 and running through the install usng Ollydbg the main exe creates 4 tmp files in ...local\temp which it then attachs to to do the serial verification. I've sniffed through each of the temp files but there are no obvious strings or calls that I can use and I'm not sure how I could reverse as the tmp files are created dynamically and are threaded.

Does this sound like a particular scheme? Any pointers on a method here greatly appreciated.

Thanks.

you could try this tut :- forum.tuts4you.com/?showtopic=9138
Google also brings up lots of info.

Hey,

Thanks for the link. PEiD tells me that the target is protected by:

PEncrypt 4.0 Gamma / 4.0 Phi -> junkcode

I've googled for unpackers and OEP finders for this protection but have not found anything that works... I did find some Ollyscripts (PENCRYPT 4.0 OEP FINDER 0.1B.txt) but the files are corrupt in the multiple places I've found them.

Is unpacking the only way of cracking this protection? If I can get the exe unpacked what are the next steps?

Thanks.

I'm not the best person to advise you on that as I'm VERY much a novice. I have 'cracked' ASPack apps and have allways unpacked them first, but whatever works for you. Just a thought, you can download the packer prog for free maybe that would give you some ideas ? I did find some unpackers on the net but you said you could not get these to work. I did find one reference to PEncrypt within woodman have you done a full search?
Anybody else care to help?