View Full Version : Viva, manual unprotecting!


evaluator
September 24th, 2001, 13:45
Hello!
Here I present manually unprotected program:
TMGs "Kawa v5.0 Professional Edition Keygenerator"
Search & download it from WWW.CRACKS.AM

This program is protected by an unknown protector (unknown to me; if you know it, tell me).
It can be TMG's internal protector or a tE!Lock internal release. Made by Hackers, unprotected by newbie 8-)
With these tools I could do nothing:
GUW
IMPREC
REVIRGIN
PROCDUMP

So good protector. But!
Also, the main program performs a new (for me) kind of protection: data section entries are mangled.
(Is "mangle" the correct word here?) See file heheKawa.exe. Hehe, what tool can recover data!?
So the problem can be solved in one way: debug, catch the original rdata and data sections in memory
before they are modified, and dump them. (The OEP is also needed.) Also, the base relocation table in memory is erased,
so I did not erase the last section and pasted the relocs from the original file, but then (just for fun)
I inserted into the last section the deprotector code, also dumped from memory! For proof's analyze!
I only can't handle the "great" icon problem on the file "property tab". Teach me!

So I am interested in:
1. Authors of Imprec and Revirgin: your comments about TMG's prog!
Maybe your programs failed because the PE header is very funny corrupted?
2. Newbies (like me): let's make a competition in manual unpacking! (Can you do this?)
3. What protector is it? Hey, TMG! Tell something!
4. Are my IT & IAT values in the header correct?
5. Tell me what other hard anti-debugger protectors like this and like PCGuard you know, and
let's unprotect an interesting program protected with that protector.

Best regards!
& sorry for eNgLiSh!
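
An added example, not part of the original post: question 4 above asks whether the import table (IT) and IAT values in a rebuilt PE header are correct. One static check, of the kind used when triaging packed samples, is to confirm that each data directory lies inside a declared section. The header bytes are constructed sample data, and the names `check_dirs` and `sample` are hypothetical.

```python
import struct

DIRS = {1: "import", 5: "basereloc", 12: "iat"}  # PE data-directory indices

def check_dirs(img: bytes) -> dict:
    """Map each directory to 'absent', its containing section, or 'outside'."""
    if img[:2] != b"MZ":
        raise ValueError("no MZ header")
    pe = struct.unpack_from("<I", img, 0x3C)[0]           # e_lfanew
    if img[pe:pe + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    nsec, opt_size = struct.unpack_from("<H12xH", img, pe + 6)
    opt = pe + 24                                         # optional header
    if struct.unpack_from("<H", img, opt)[0] != 0x10B:
        raise ValueError("not a PE32 image")
    ndirs = struct.unpack_from("<I", img, opt + 92)[0]    # NumberOfRvaAndSizes
    secs = []
    for i in range(nsec):
        name, vsize, vaddr = struct.unpack_from("<8sII", img, opt + opt_size + 40 * i)
        secs.append((name.rstrip(b"\0").decode("ascii", "replace"), vaddr, vsize))
    out = {}
    for idx, label in DIRS.items():
        rva, size = struct.unpack_from("<II", img, opt + 96 + 8 * idx) if idx < ndirs else (0, 0)
        if rva == 0 or size == 0:
            out[label] = "absent"
            continue
        hit = [n for n, va, vs in secs if va <= rva and rva + size <= va + vs]
        out[label] = hit[0] if hit else "outside"
    return out

def sample(import_rva: int) -> bytes:
    """Constructed PE32 header holding only the fields check_dirs reads."""
    img = bytearray(0x200)
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)
    img[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", img, 0x46, 2)                  # NumberOfSections
    struct.pack_into("<H", img, 0x54, 224)                # SizeOfOptionalHeader
    opt = 0x58
    struct.pack_into("<H", img, opt, 0x10B)               # PE32 magic
    struct.pack_into("<I", img, opt + 92, 16)
    struct.pack_into("<II", img, opt + 96 + 8 * 1, import_rva, 0x28)
    struct.pack_into("<II", img, opt + 96 + 8 * 12, 0x2000, 0x40)
    struct.pack_into("<8sII", img, opt + 224, b".text", 0x1000, 0x1000)
    struct.pack_into("<8sII", img, opt + 264, b".rdata", 0x1000, 0x2000)
    return bytes(img)

if __name__ == "__main__":
    print(check_dirs(sample(0x2100)), check_dirs(sample(0x9000)))
```

A directory reported as "outside" points at memory no section maps, which is one header inconsistency that can make import-rebuilding tools give up on a dump.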

evaluator
September 25th, 2001, 12:08
UnPack 2.2 detected the protector as tE!Lock, but the 7 included unprotectors
can't unprotect this file. Also, the anti-debugger code is harder than what tE!Lock v0.90 has!
So it can be an internal version!

Dear tE!
If you read this, please, point me to program protected with latest INTERNAL version of tE!Lock.
I am very interested, can I jump over protection?
Also, excuse me for mistake about TMGs internal protector and tE!Lock internal version!
tE!Lock is from TMG

CoDe_InSiDe
September 26th, 2001, 00:49
Hi evaluator,

Wow long time i posted here
Anyway i've looked at it (just a quick look) and it seems it's either some new or at least not a public version of tElock
Or it's another Packer/Encrypter that looks like tElock, if so i think Inferno made it because of the string "Coypright (c) 2000 by Inferno [TMG]"
This string can also be for the Keygen but i don't think so hehe

Cya...

CoDe_InSiDe

CoDe_InSiDe
September 26th, 2001, 02:11
Hi evaluator,

Ok, i Unpacked the file and took a little closer look and it's probably indeed tElock but a version i don't know

(Maybe tE made a non-public version for TMG? )

Cya...

CoDe_InSiDe

evaluator
September 26th, 2001, 13:31
Thanks for the reply, CoDe_InSiDe!

How you think, this is hard anti-debugger code or no?
If you know about more hard anti-debugger protection, tell me please.

I compared tE!Lock's unprotector code and this unknown one and found only one common string:
GDI32.DLLUSER32.DLLSHELL32.DLLKERNEL32.DLL

But not the name is actual here, actual is this: neither ImpRec nor Revirgin 1.1.1.18 can do
anything with this proggie! Even if you give them true values (grab from my file).
What's happening?
ImpRec's and Revirgin's authors: is it not actual?

CoDe_InSiDe
September 27th, 2001, 00:31
Hi evaluator,

Hard Anti-Debugger? no it's simple, you don't even need ImpRec or Revirgin (well if you maybe want to Unpack it "fast" then you can use them)
I Unpacked it without them and you can easily bypass the protections
The Decryption Code is a little different than normal tElock (for example ebp = 'BCHK', eax = 00000004, int03); i can't remember this from tElock but i also haven't checked the old versions good enough yet

Btw, you've Unpacked the file right? Same way as me then probably without both tools since you're saying they can't handle it

Cya...

CoDe_InSiDe

tE!
September 27th, 2001, 22:30
that one's a private version assembled for inferno/tmg.
one out of +35 different versions in the meanwhile. i think
i start losing digest. for most versions, differences are very
small but there're a few which are a lot different. most versions
are not released to public and never will.

as i state in telock's help file i don't keep sources of old
or modified versions, coz they're of no use for me. furthermore
i don't keep copies of private compilations i made, that's
why i can't point you to "TMG internal" version(s), evaluator.

in the meanwhile i'm @ v1.1 and have to send some thank
you's over to you guys here. you helped me to improve a
lot of things. before anyone asks now where to get a new
version...you don't need it. sooner or later you will run
into it while cracking a shareware prog or something.

also, this telock project starts to become very very boring.
no clue if i will go on working on it.

tE!

evaluator
September 27th, 2001, 23:14
Hi, CoDe_InSiDe!

1. Are you newbie??

2. I wrote about ImpRec & Revirgin because they can't handle this program
and it maybe is actual for programmers. Also try you and tell me results.

3. So you can't tell me about some other protector with hard anti-debugger code. Or can?

4. Go to my other post and try manually unpack "PCGuard 4.03 Demo".
Then tell me how you do it, what tools you use, is PCGuard hard protector or no.

16h. I tried to post it!

CoDe_InSiDe
September 28th, 2001, 03:18
Hi tE! / evaluator,

tE!:
Argh, all those versions
It would be a pity if you stop working on tElock.
Maybe you can try to find some new fresh interesting stuff

evaluator:
1. Of course, who isn't

2. I don't like to use ImpRec or Revirgin (Sorry Mack_T/Tsehp ) they're good tools but i simply don't like to use them

3. Hmm, Hard Anti-Debugger Code... Maybe you can try PE-Protect v0.9, it's a rather old one but a good one if i can remember it correctly

4. PC Guard v4.03 DEMO, hmm i've never really tried PC Guard, i will do that sometime dunno when

Cya...

CoDe_InSiDe

evaluator
September 28th, 2001, 10:01
Thanks, tE!, for your reply!

With tELock v0.90 anti-debug code I have no problem. (backdoorz?)
Inferno's version looks a little better.

CoDe_InSiDe!
I already tried Pe-Prot. It's out of my little knowledge.
I don't know ASM instructions (except jmp, call, ret, nop) and
registers window in debugger is Magic for me!
I only found one little trick to jump over anti-debug code and it does not work yet with Pe-Prot.
If you know any, point me to easy-to-understand tutorials about ASM and debugging.
Thanks!