you can download it on the main page :
tsehp.cjb.net

Is it going to be supported on NT4? Just curious...

Hi +Tsehp,

There are no files in the revergin.rar

could you kindly check this out?
Thanks
regards
stillnewbie

Sure there are ;P

Don't open it with WinZIP but open it using WinRAR, hehehe

no support for nt4, sorry.
But I'm actually working on a win 3.0 version
nt4 is too old, and I had to include the psapi.dll to get the process list, just too lazy to add this, you should consider move to win 2k,
very easy to download on newgroups.
regards,

+Tsehp

Hi +Tsehp,
had a bad time d/l it :-(
finally it works .but has an error message when execute the revergin.exe
somrthing like violation acess
Violation d'accès à l'adresse 00405cd2 dans le module 'Revergin.exe'. %s de l'adresse
c02a6000
I don't understand french
btw my os is
win95
pentium166
32mb rams

regards
stillnewbie

Oops, +Tsehp doesn't like Win95 any more than he does WinNT, so it won't work on Win95. Luckily he took pity on us Win98 holdouts, and by jove it works pretty good! ^_^

Kayaker

Good job +Tsehp !!


NeO

thanks !
I'm still looking for a good soul who will manage to send me a working
safedisc 2 protected app to improve revirgin, especially with the problem mentioned in the recent cdilla thread.
later,

+Tsehp

hola tsehp+

im probably being a retard, but after reading your readme.txt (hastily written? ) it says in win98 to use the 'Load' button to load the executable, before you try and trace it...i dont see any load button (am i blind?) and when i try and trace i get an AV ;P

NchantA

hola tsehp+

im probably being a retard, but after reading your readme.txt (hastily written? ) it says in win98 to use the 'Load' button to load the executable, before you try and trace it...i dont see any load button (am i blind?) and when i try and trace i get an AV ;P

NchantA

hi artha,
can you help me solving this by saying precisely the target, win
system and version you use and iat rva, length.

also, interface bugs you've noticed, that will speed my work.

concerning the heuristics, I don't really trust them, it's longer to locate them but for a better use of revirgin, you *must* use sice, just
to see where those iat resolves so I choose not to code this.

TIA

it was a first version, just select the process at the left, do a resolve
and then you can trace the unresolved entries, download the new version.
regards,

+Tsehp

Tracer not supported under WinMe? why is that!?

+Tsehp my friend, I'm afraid that I have the same problem as NchantA: doing what you say, I get a 'hangup' of Revirgin. (As soon as I try the tracer).

I used win98 build 2222. Tried it on Awave studio (www.awave.com) and on notepad.exe packed using tElock (which can redirect IAT as well).

I couldn't find a load button either, but you say it was for the old version so that can't be it.

Tia,

Predator

If i weren't wrong, Predator is using the first version.
I had a first version too, the readme file is "readme.txt"
But in the newest version, readme file is "readme.doc"(was made some changed).

Ok, I'll test it again on win me using www.awave.com and report here.
don't forget for the tracer to work to put thread.dll into %systemroot%
later,

+Tsehp

Hi tseph,

well maybe a stupid question: where do i get the start rva and it's length..??
when i click the protectected file is asks me to use the rebuilder and when i do, it asks me to set the start rva and length. So it doesn,t gives these values automaticly,i looked with pe-editor but couldn,t find the values you used on your example:notepad(asp) .
I am using win98 first edition.

Thanks you for the hard work on app and greetzzz.

Spekkel

hehe that's the main job to do.
protected apps like asprotect packed exe won't give you iat start
and length, to find them try this :
the exe is running, set a bpx getmenu and select a menu item, sice
breaks, look at the call, if its like this call [425141] , then you've got an iat entry standing here, look at all the entries and locate the first,
substract the base and you have iat start, the length is easy to find.

OOOhh....yep i need more study (but i am so lazy)

Ok my prog is expired , and so i can't do it with the bpx on getmenu, and i thought this comparing is done before the whole prog is loaded (asp protected :unregistered version blablabla..), but of course i can't find this comparing (when i try trw, it craches ((and all my reg/file- spying utills are killed by asp.))

So any solutions or hints howi can bypass this ..

Thanks AGAIN.........SpeKKeL......