Hi there,

I'm not experienced in cracking packed applications.
I've read some tuts (tsehp.cjb.net & others), but I don't find the same code & the same addresses as in my sice.
I'm tryina crack VBOX 4.3 under WinME with sice 4.05.
(I tried different upackers too, but the result was an .EXE which doesn't run properly, of course.)

As far as I can understand there r different versions of VBOX 4.3.
Could some1 gimme any info/links/tuts/advices about VBOX 4.3 cracking ?


Thanx

Hello fla !

You can't find the same addresses, since they differ in each version, but they code should be there.

Go to tsehp's page (tsehp.cjb.net) or use the direct link here (http://www.woodmann.net/fravia/dezzy_vbx43tut.htm)

Greetings fla!

If you like you can try my essay, it's very easy to follow
(if you ask me..)!
TRES2000 (http://www.geocities.com/Vienna/Opera/5748/front.htm) (look for it at our essays).

So give it a try, if you still can't resolve it, let us know
where your at and we'll go from there..

regards
McCodEMaN

DakienDX, McCodEMaN,
Thank u guys, 4 replying me this soon !

DakienDX: Yess, I think there r different versions even 4
VBOX 4.3...
(I've already read this essay. 10k u 4 the link anyway.)


McCodEMAn: I've had a look at ur page. Nice made, really. But my problems remain...
Wot I'm tryina say is that in ol essays (including ur too), there r such addresses & such a code:

0187:0700BB39 FF15C8210407CALL[KERNEL32!GetProcAddress]
0187:0700BB3F 8BF8 MOV EDI, EAX
0187:0700BB41 3BFB CMP EDI, EBX
0187:0700BB43 0F849D010000 JZ 0700BCE6
0187:0700BB49 8B7616 MOV ESI, [ESI+16]
0187:0700BB4C 037508 ADD ESI, [EBP+08]
0187:0700BB4F 395DDC CMP [EBP-24], EBX

The very problem is not that I don't understand the code, but that I don't find it. I bpx GetProcAddress & so on & so on, but I don't reach :700BB39 at ol... I tried 2 find it by scrolling the screen in SICE & I found it, but the code was not as the 1 described above...
I'll give 1 more try & if still nothing, I'll give u a snippet of the code I c in my SICE.
I begin thinking that there r different versions of VBOX 4.3 :|
Another thing that makes me think so is that... In the tuts I read, there was said that VBOX 4.3 doesn't detect SICE+ICEDUMP & TRW2000. Not true ! Tryina catch VBOX 4.3 with TRW2000 my comp hangs (blue screen), & with SICE+ICEDUMP VBOX 4.3 gives me a message that I use a debugger... (But only sometimes; sometimes not).

That's ol. 10x once again people 4 the help.

Greetings!

Thats not true!
I've never written that vbox don't detect softice, and
I have a hard time beliving that Tsehp have made
this statement!
If you look at the beginning of my essay you'll see
that I used "Softice backdoor keeper" to bypass
this ADT!
An secondly, Vbox 4.3 will not detect TRW, if you use it
with: "Faults: off"

regards
McCodEMaN

...

First: A, yeah... I understand now that u r right about both SICE & TRW...
(I'm gonna try TRW again.)

Second: I tried wot is written in ur (& in other tuts):
1. I open my SICE & I bpx GetProcAddress.
2. I start the VBOXed application.
3. In my SICE I don't c the code u describe in ur tut, but after F12 I c the following:

016F:78003BF8 50 PUSH EAX
016F:78003BF9 FF15CC300378 CALL [KERNEL32!GetProcAddress]
016F:78003BFF 85C0 TEST EAX,EAX
016F:78003C01 0F8437B70200 JZ 7802F33E
016F:78003C07 6A00 PUSH 00
016F:78003C09 FFD0 CALL EAX
016F:78003C0B C3 RET

Wot's the problem ? :|


Third: As was in SICE, hunting around, I found such a string: 'VBOX 4.3.0.21 Special Build'. U know anything about that ?


10k u

Greetings fla!

I can't at this first glance say that I rec. the version!
Anyway, the method is still the same, IAT.....then
find "jmp ebx",...edit... dump...fix...done!

regards
McCodEMaN

McCodEMaN - 10k u very much 4 ur reply. A... I think I'll have wot 2 do this weekend (reading some more tuts &... Keep tryin'

10x once again.


P.S.
I tried with TRW200 - 'faults off', but... When I start the VBOXed prog & the TRW2000 is active - the blue screen of death appears :|
I think this is a new version of WeiJunLi's mind :|...

what is the proggie? And url?

Hi, I'm new here and I'm also trying to crack an app protected with vbox 4.3

I've tried TWR2000 v1.22 and even with faults off vbox detects the debugger and doesn't start the vboxed app.

The app that I'm tryin to crack is located here "http://wcarchive.cdrom.com/pub/bws/bws_52/TurboCADProfessionalv8TrialNoReg.exe"

Very good CAD program. See "www.turbocad.com" for more details if are interested in the program.

If anyone experienced in using twr2000 or softice could help I would be very thankful.