Log in

View Full Version : HeLp Me :(

GeKo
February 9th, 2004, 14:48
You excuse my English:

I have really need of your help. I Have a protected program with ACProtect and I wanted to know if an exists "Un-Pack" special. How do I do to remove ACProtect from the program?. Please help me
dELTA
February 9th, 2004, 15:01
Read the FAQ.
JMI
February 9th, 2004, 16:39
and then do a search of "acprotect." And among the results you will find:

http://www.woodmann.com/forum/showthread.php?t=4900&highlight=acprotect

Regards,
GeKo
February 10th, 2004, 04:54
Thanks for the interest. I attach the protected program with ACProtect. I hope in your help and I remain waiting for your communications. I thank you

Attachment removed...
SpeKKeL
February 10th, 2004, 05:53
Quote:
[Originally Posted by GeKo]Thanks for the interest. I attach the protected program with ACProtect. I hope in your help and I remain waiting for your communications. I thank you


Okee,

I used Eval's translation plug-in.(search the web ).and it says: " do a search of "acprotect." And among the results you will find:

http://www.woodmann.com/forum/showthread.php?t=4900&highlight=acprotect "

Thanks for the interest,

SpeKK.
JMI
February 10th, 2004, 13:52
Hmmm. That response sounds vaguely familiar. I fairly sure I've read it somewhere before, now where the heck was it?? Especially that part about searching and the reference to the "acprotect" thread.

Regards,
D-Jester
February 11th, 2004, 23:20
Do you ever get the feeling that no one read sthe FAQs?



Maybe its just me...
JMI
February 11th, 2004, 23:28
Nearly every damn day of my life.

Regards,
SpeKKeL
February 12th, 2004, 07:41
Ajo,

I must admit ac-protect has some nice (stolen???) tricks, you must hide si, it has a manner of stolen bytes(whatch the esp)you have to rebuild the imports and it makes some nice calls to perplexl !! these calls make my day shining ...(to make it difficult they use some extra code like )

SpeKK.
Shoob
February 12th, 2004, 08:25
yep but this target had no stolen bytes + calls because of of its a MSVB app? deep calls are no problem at all just trace the target calls and replace the byte after the return with the call in you mainly dumped program - not that hard.
SpeKKeL
February 12th, 2004, 10:04
[QUOTE][Originally Posted by Shoob]yep but this target had no stolen bytes + calls because of of its a MSVB app? deep calls are no problem at all just trace the target calls and replace the byte after the return with the call in you mainly dumped program - not that hard.[/QUOTE


Not that hard at all !! It's FUN !

SpeKK.
D-Jester
February 12th, 2004, 14:01
From my 'personal' experience VB apps all start the same way.

Code:


Push 0041BFC4 

Call MSVBVM60.ThunRTMain <-VB5 is Same Way


To find the address to push, use grep or peek to search for string reference inside the dumped file.
Find the string reference to "VB5!" or Hex: 56 42 35 21
And at the "V" or 56 you have the address to push.

Or course I am not an expert, I am only telling my personal experiences

Peace,