unpacking
Scally6
January 16th, 2001, 19:49
Where can I find a tut(s) on unpacking progs such as early 32-bit pecomp & v2 of softsentry, please? Whilst it's easy enough to get round these from a pure cracking pov, I'd really like to understand what they're doing. All I've found so far is derision from people saying what naff protections they are - well maybe they are but I'd like to understand them for myself - & I've spent hours playing in an uneducated way to no avail.
With Softsentry, 20/20 seem to be out of business & I could only find a V3 demo with dogpile.
I have a couple of progs I'd like to examine - one of each - can anyone point me in the right direction, please?
(PS I've done numerous tuts on other prot systems which are fine but I can't seem to transfer the learning to the above progs.)
tia
Scal
Kayaker
January 16th, 2001, 21:02
Hi Scally,
There's a tut by LSD on SoftSentry 2.7 at Krobar's:
http://whateverhosting.com/krobar/other/other26.htm
I think there's a few things he doesn't mention about SS2 though. I'll try to dig up my notes, but SS uses 3 registry entries as reg/time checks - SSRandom, some cryptic entry in the main HKCR (something like [r%#y7h&*..), and one other one that eludes me right now. Sorry for being vague but I just wanted you to watch out for them.
Also, and be careful with this one, it modifies your Winhlp32.exe file, or if it can't find it, your Winhelp.exe file (adds 30 bytes or so to the end). So back 'em up or get fresh ones from your sysbackup dir.
Don't know about pecomp, Krobar's got a good selection there.
Regards,
Kayaker
Scally6
January 17th, 2001, 13:44
Hi Kayaker, Thanks. It seems to use three reg entries:
ss_random, a system specific one in hkcr which starts { & ends in } and another in hkcr\SystemAppIDs. It also adds access.ctl & a dll with the app's name in windows system. (Deleting the keys & the ctl file gives another 30 days.)
I wasn't aware of the winhlp32.exe alteration, so thanks I'll check it & also the tut.
The exe/dll/ctl file & reg entries don't specify the sentry version & although I could find the jump to allow any key to tempy reg it (until restart), it seems to use several seeds to generate the checks & the final compare is to an integer, so there's no place where the real s/r appears.
Regards
Scally
Scally6
January 17th, 2001, 13:50
Hi Kayaker,
I've seen the Krobar tut - unfortunately the prog I have isn't 2.07 (or 3.00) & it's coded differently. The 'unique' sequence of hex isn't in the exe or dll associated.
I've tried several different file info progs & looked at both exe & dll in hexworks but there's no ref to the version number.
PS did SV send you the TA dump? I can't see how he did it.
Kayaker
January 17th, 2001, 16:25
Hi Scally,
Yeah, SystemAppIDs, that was the name of the other Reg entry. OK, if this one uses access.ctl then it's probably not V2.x-ish, which uses ss.drv as a bogus check file instead. In which case, forget the alteration of winhlp32, because I think it only does that in the earlier versions (I remember because I got burned with it).
No, I haven't seen anything from TA, I'll try to have a look at it. What's this SS file you're looking at?
Kayaker
Scally6
January 17th, 2001, 17:42
Hi Kayaker, yeah, the reason I didn't mention the file was I don't think it's about on the net (not really looked, even at the site below) but it was from a mag. cover (www.computershopper.co.uk) issue 155, Jan 2001. Prog. is Autostreet 2000, a mapping program with gps interface.
You're right about winhlp32.exe - no change there.
I've also heard from SV with the rebuilt file but not had time to play with it yet.
Keep you posted
Thanks for your help
Scally