Zumo
April 8th, 2012, 21:30
I have an app fully unpacked and fixed the dump using ImpREC, but it refuses to run (showing in Task Manager but no windows). It's obviously doing an integrity check, which is why I'm here. The packer/protector was Yoda's Protector 1.03.2 beta 3. The app creates and depends on reg keys and files in multiple directories, as shown using ProcMon. The app is ID'd as Visual Basic 5.0/6.0 using Exeinfo, PEiD, and RDG Packer Detector. For what it's worth, using VB Decompiler, VBReFormer, P32Dasm and others, it seems it's not been obfuscated. I've searched endlessly on integrity checking and the like to no avail. Most results eventually lead to foreign-language websites (Turkish, Arabic, and Chinese mostly) with crappy translations using Chrome. I've found something called "Defeating File Integrity Checks Through Redirection" on Fravia's site. However, that piece was from '98, so I'm not sure how relevant that would be today. I'd be eternally grateful for any guidance I can get. Thanks!