RV Tracer (not for the apis...)
Manko
December 3rd, 2002, 18:31
I've read a lot about how you should use revirgin on win2k because it is faster than icedump's tracer + you don't have to install w98 (yay!).
...but I have never been successful in using RV-Tracer. Guess it was SOME time since it got beat, but is there not a way to get it working again?
I ask because I'm a stupid lazy clueless newbie who wishes not to install w98...
besides I couldn't even get a copy of system commander and I already have w2k installed and no other computer, so it seems like a lot of trouble to go through...
But it disturbs me not to be able to unpack a lot of proggies...
/Manko
crUsAdEr
December 3rd, 2002, 19:52
Hi Manko,
What can't you unpack without a tracer?
hobgoblin
December 3rd, 2002, 20:29
Hi Crusader,
A question (it may sound stupid, but....):
How would you find the dips in Asprotected proggies if you can't trace with /tracex or revirgin (or the infamous loader that's floating around)?
regards,
hobgoblin
Manko
December 4th, 2002, 00:09
Yup!
That's pretty much what I was going to say.
Though I realise I shouldn't have to rely on tracers and stuff if I was a real (good) reverser...
Wasn't it you, crusader, who wrote a tut where you reversed the dll of an aspr? It might be easy for you but when the only working "tracer" on w2k (read something loader) doesn't work with an aspr, I lack the skills to either reverse the loader or the aspr, so I'm beat...
/Manko
crUsAdEr
December 4th, 2002, 02:27
Necessity is the mother of all invention I guess... I started out cracking on win2k so I never had the luxury of using icedump... so I have grown used to not having a tracer...
Regarding Aspr... there are ways of finding dips... if you want to dump and reverse aspr.dll I can help... aspr creates a table of all the dips before OEP so if you can dump it, you can tell where aspr is going to dip...
You can do bpm 401014 x then trace on a bit and dump from there, or you can catch the IAT redirection routine and dump from there, or you can try finding the push series as I wrote in the tutorial which forms the skeleton of aspr.dll... there are ways I guess... even the Solomon ntcontinue trick will also work...
Ah well...