I have a target processed by Hasp4 Envelope...
"bpio -h 378" does not work , only deviceiocontrol does...
But even i crack it i have to unpack the EXE ?
Any info or XP about this ?
Below is the section map of that EXE in case it is asked...
Thanks in advance...

.rdata RVA: 0008D000 Offset: 0008D000 Size: 00019000 Flags: C0000040
.data RVA: 000A6000 Offset: 000A6000 Size: 00008000 Flags: C0000040
_TEXTLH RVA: 000B3000 Offset: 000AE000 Size: 00001000 Flags: C0000040
_TEXT_HA RVA: 000B4000 Offset: 000AF000 Size: 00011000 Flags: C0000040
.rsrc RVA: 000C5000 Offset: 000C0000 Size: 00023000 Flags: 40000040
.protect RVA: 000E8000 Offset: 000E3000 Size: 00024000 Flags: E0000020

Regarding breakpoints you should try FreeEnvironmentStringsA

So far I know the hasp4 envelope uses the Hasp Decode feature using the dongle to decode data from the .exe file. So unless you have the dongle or access to it it's almost a waste of time.

The best manual ever is made by Aladdin (maker of hasp) and can be found on www.hasp.com

If i have the dongle can i dump it ?
What will i have to do to dump it correctly
and restore the OEP ?
Yes i did it for some simple protections
But is there something special to HASP
that i should know ?

Just adding briefly too CyberHeg's post.

If you have the dongle : of course you can dump it, the HASP4 envelope with the dongle connected is little better than any of the PE packers out there (it doesn't need to be). I suggest you investigate IceDump's /trace switch. After dumping at OEP, most likely there will be a HASP API to contend with too.

Setting a breakpoint as you describe is pretty pointless, the HASP4 envelope has several layers of SEH and decryption, the new decodedataservice() is a block decryptor which decrypts portions of the encrypted sections in 1000h chunks, frankly it isn't worth the time you dumping these and trying to fix them up, let the envelope do all the work for you ;-).

Small Note to CyberHeg, I have some info. that might be interesting re HASP 4 ;-).

Regards

CrackZ.