New Boson exams: How do I Add Command line functionality to TRW2000 ????


Star Buck
April 18th, 2001, 10:00
I'm trying to "Fix" the new Boson exams.
I've unpacked it manually with TRW2000 and it runs.
I've unpacked it with procdump and it runs.

One problem though. When I look at the idata it is missing a lot of msvbvm60 functions.. it looks as if it is incomplete. On previous versions that I've unpacked, everything looked fully unpacked and I could merrily search for the correct bytes to "FIX". I suspect (from looking at the dlls that come with it) that it probably is still zipped (unzip.dll) after unpacking and needs an argument after exe (hence the need for start menu shortcuts) to continue on .. unzipping and then running.
Now IDA Pro 4.15 chokes on the unpacked file (which does still run by itself) and in Hiew only a small part looks unpacked.
I'm trying to use TRW2000 to load the program so I can follow it as it unpacks, but as the exe needs an argument for it to run I can't get it working. After Neolite unpacks (JMP EAX) the exam terminates ("please use Shortcuts" blah blah blah)

How can I Load exe with its argument using TRW2000??? I need to add command line functionality ??



Can anyone offer any solutions or point me in a suitable direction ??

I'm very new to this but I learn quickly


Cheers

Star Buck

hz
April 18th, 2001, 21:59
hiya,
there is one guy around here that could help you with this, he's K**** and I know he's been itching to take trw apart and add all sorts of missing features. C'mon K give the guy a helping hand. Oh btw would you add cut and paste while you're at it :-D

Kayaker
April 18th, 2001, 23:38
Quote:
hz (04-18-2001 19:59):
hiya,
there is one guy around here that could help you with this, he's K**** and I know he's been itching to take trw apart and add all sorts of missing features. C'mon K give the guy a helping hand. Oh btw would you add cut and paste while you're at it :-D


Heh, heh, funny guy ^_^ I still don't know why you want copy and paste functionality in TRW. Think I can't come up with impossible projects on my own? LOL

Anyway, since the gauntlet was dropped I thought I'd at least have a look at it. I tried loading a program I have which uses a command line argument with TRW. No go. Loading the file as a shortcut with the argument specified only brought up the main program. Specifically typing in the argument in that little edit box caused an error on loading. So I guess TRW doesn't support this directly.

However, is there any reason you can't set a breakpoint in TRW on some early call and just start the program from its shortcut with the command line argument intact? Since you're dealing with VB, I made up a little junk exe in VB5 and traced it in SoftIce. The very 1st Kernel call is GetStartupInfoA within the VB dll. Then I started TRW, entered it with Ctrl-N and set a BPX GetStartupInfoA. When I started my program again, TRW broke. From here you should be able to get back into program code. Actually, I guess you'll be dealing with Neolite code, in which case you just need to find an early call in it that you can set a BP on, GetVersion or GetModuleHandleA or something. Maybe even GetProcAddress, dunno, I'd have to check out how Neolite starts up. You won't be missing much of the unpacking code this way.

SoftIce however can support command line arguments which you can specify under Module/Settings, so you may want to try this with SoftIce instead. Sounds easier to me, I don't really do TRW much.

Sorry, that's all the help I can muster. No Ctrl-C, Ctrl-V today

Regards,
K******

Star Buck
April 19th, 2001, 09:16
Hi K******,

Thanks for the suggestions. I didn't realize SI supported command lines as I have had a lot of problems in the past with SoftIce crashing my PC. I've tried playing around with a lot of things on my PC but invariably, it crashes, so I haven't used SI in quite a while. I kinda like the fact that I can load/unload TRW on the fly. I guess it's time to revisit SI.

Once again, Thanks for responding


Cheers

Star Buck