A self-made packer - Part 1


tazmanian
September 29th, 2003, 21:03
Well, I unpacked an earlier version of this program, but now they put in something that detects SoftICE or IceDump =\

Before, I used the basic things:

1) hide SoftICE with IceDump
2) use /tracex to get OEP
3) /dump the file
4) fix idata...
But now I can't hide SoftICE =\

While debugging, the damned C3 reboots my PC all the time... this is a trace detection, but it only works if you go tracing with F8... with /tracex it doesn't happen...

I wanna know how to discover which thing it detects, there are like 10 sections in the PE header...

Can you guys help me?

Thx!

<Please, no direct link>

evaluator
October 3rd, 2003, 08:27
Hmm, I am very interested in this cool reboot.
Where is it?

Manko
October 3rd, 2003, 13:04
Hi!

I'd like a PM with link, please!

/Manko

tazmanian
October 9th, 2003, 15:12
First, I would like to thank you for trying to unpack this program.
It's a Brazilian app and with this you can add a shareware code to any app written in VB or Delphi.

Web: send me a pm
Download: send me a pm

Cracking info:

The compiler is Visual Basic 5.0.
PE header with sections named .DRD00 to .DRD09
I unpacked the 2.0d version like this:

1) Hide SoftICE with IceDump
2) I found the OEP with the /tracex command (VB's OEP is always after the jmp __vbApis)
3) Dumped and fixed the idata with ImpREC.

But with 2.0e I can't hide SoftICE; if SoftICE is loaded and IceDump too, the app doesn't load =\ I think that it looks for IceDump, I'm not sure...

If I can run the app with SoftICE loaded, I think that I can unpack it... but the problem is to totally hide SoftICE.

If you have any questions, send me a PM...

I think that if we can hide SoftICE, the unpacking is bullshit..... ;P

thx in advance