Vbox 4.3 questions


Poltergeist
March 19th, 2001, 21:37
Has anyone tried unwrapping CorelDraw 10 trial? I've been playing around with this, but so far no luck (I think it's mostly my unfamiliarity with Windows based cracking, however). It seems to be protected with Vbox 4.3 (vboxm431.dll, vboxt431.dll, vboxz432.dll are the dll files in system dir.) The 'target' files are a bunch of small executables (coreldrw.exe, corelrve.exe, etc) which bootstrap larger .DLL files (coreldrw.dll) -- the large DLL files do not seem to be encrypted. The Vbox 4.3 generic unwrapper by UCF crashes back to Win2000, and I can't seem to make a working .exe through sice/procdump. I read the essay by Marigold to try to get some background on this protection, although it was written for 4.03. Looks like things have gotten a bit tougher since 4.03. (Was looking into doing the memory-patch trick with the .DLLs -- decided it would be easier to remove it altogether). Any hints/ideas/etc? Thanks

bAZiK
March 20th, 2001, 15:15
Poltergeist (btw, are you German?),
I've done some VBOX reversing at MGI and Total-Idea Products (VBOX 4.3). If you beat VBOX one time, it's quite easy! Took me about 5 hours for the first App, 5 for each next ;-)

Where can I get the Corel Draw Trial? (I'll look at Corel.com in a few minutes). If you are interested, I can give you some Tips on reversing VBOX!

regards,
bAZiK
http://www.AmoK.am

Poltergeist
March 20th, 2001, 19:39
I (somehow) got it to work today.. I was following the "How to manually remove Vbox 4.3 tutorial", and it wasn't working under Win2000. Tried again on a Win98 machine, and it worked fine. With Win2k, everything seemed to be going according to the tutorial, but the dump resulted in an "invalid executable file" according to the OS. I used Sice/Sice Backdoor Keeper/ProcDump. Will post more details tomorrow.

splaj
March 21st, 2001, 08:20
Hi Polti

With NT did you try to 'rebuild' the dump exe with PEditor 1.7 to fix up the PE header correctly?

SplAj

bAZiK
March 21st, 2001, 09:59
Hmmm....I think, as SplAj said, you need to rebuild the file with PEditor with option "make pe header nt/2k compatible". Worked fine for me on 9x/NT/2K/ME.
(used TRW2K, ProcDump and PEditor for unpacking)

bAZiK

Cps530
March 22nd, 2001, 13:43
I'm experiencing the same problem. Where can I get PEditor 1.7 from?
Thanks.

bAZiK
March 24th, 2001, 05:58
www.freak2freak.cjb.net
or
www,protools.cjb.net