View Full Version : interlok troubles


lucvida
March 31st, 2004, 08:35
hi, I've been trying to research PACE InterLok (latest latest version) so I can disable it; however, I am a total newbie and don't really know what to do. If anyone can tell me how to get rid of it so I can use the program it's protecting, that would be the bestest ever. Any point in a direction would be just as good.

Kayaker
March 31st, 2004, 10:23
The board's search function would be a good start, I get 7 other hits when I type in 'interlok'.

LiSa
April 9th, 2004, 11:29
Hi,
first, get ucf/zone unpacker and try it, it will maybe work...
If not, you will have to hook DeviceIoControl to collect the good responses of tpkd.sys (i.e. undebugged),
after that disassemble tpkd.sys (crypted..),
find the dispatcher and fake the answers of services 70060 (debug check and selfdecrypt), 70080 (dbg check and time md5 encryption for expiration purposes), 700A0 and 700B0 (weird calculus). Once you do that, you can debug the exe. InterLok creates one or two threads; the second one asks the .sys and, if ok, unpacks the application and runs it by a jump ebx. Bp on it and dump, then run imprec to complete.

I used a different technique on a graphic soft by manually unpacking tpkd.sys to have an overview of the nice obfuscation and debug detecting techniques used.
Once I find or someone posts me a PACE SDK, I will build an automatic unpacker for release 5 of the driver.
Now I must disappear a little bit. Look in the forum using the search and you will find some clues.
Good luck

Fsound
April 28th, 2004, 14:10
Hi there,

I have searched for the "ucf/zone unpacker" but cannot find it.
Where can I get it?

I have problems with the latest PACE, too

Best,
Fsound

dELTA
April 28th, 2004, 14:35
You can find it in the FAQ, on the third row after the heading...

Fsound
April 28th, 2004, 14:50
just shoot me, but I cannot find it in http://woodmann.com/forum/faq.php

JMI
April 28th, 2004, 16:15
BANG!!!!!

Check the FAQ link in the BIG RED LETTERS at the top of the Forums.

READ THE FAQ AND SEARCH BEFORE POSTING!

Clicking on that link gets you here:

http://www.woodmann.com/fravia/rce-faq.htm

The third line is: - Do not ask where to find the "tools".

This message is also repeated in the caption for the Tools of the Trade Forum:

Do not ask where to get the Tools of our Trade. Do not even think about asking for them.

NOW ARE YOU ABSOLUTELY CLEAR ON THIS?

Regards,

Fsound
April 28th, 2004, 16:22
alright ...
but why do you put it in the FAQ and not into the rulez?

btw: I already said that I have searched before posting ...

JMI
April 28th, 2004, 16:28
Are you completely dense or what? That message is in a file called:

rce-faq.htm

and the "Rule" is also posted directly on the face of the Board.

We don't give a damn if you searched for the tool you want or not.

YOU ARE NOT TO ASK FOR THE LOCATION OF TOOLS ON THIS FORUM.

Now it's time for you to state that you CLEARLY understand and will FOLLOW this rule or you are history.

Regards,

Fsound
April 28th, 2004, 16:40
as I already said: ALRIGHT

JMI
April 28th, 2004, 16:48
But you followed it with the "excuse" that you had searched and failed, as if that was an excuse for ignoring what was clearly in front of your face.

Regards

Fsound
April 28th, 2004, 17:07
yes, you are right, it was my fault.

It's all because I am tired and tried for hours to patch a PACE-protected DLL.
Sorry :-(

Tolstoinisten
April 28th, 2004, 18:34
Hehe, F-Sound, the users at N2C warned you about this.. I read the thread there

Instead of asking for an unpacker, decrypter or what have you, perhaps you should try to post your results and see what answers you get.

People here are willing, I'm sure, to help you out

As for me PACE = Tooth Paste...

Fsound
April 29th, 2004, 04:18
thanks for the warning.

My results aren't that good.
The (hidden) driver detects Olly and sICE, if you open the protected DLL or the SYS-Driver, and reboots the system.

I tried to install a VirtualPC on WinXP using Win98se and WinXP, but no success.
The latest InterLok-Drivers detect the virtual environment and give a bluescreen when launching the protected app.

I am very sad :-(

JMI
April 29th, 2004, 10:54
So it's time for you to read up on anti-debugger detection and defeating techniques and try to find what the program is using. There is a great deal of information on the Forum about these issues and much more out there on the net. That is why the Deity invented search engines (and the search button here), so you could find information you might need.

How about you start there.

Regards,

Fsound
April 29th, 2004, 13:49
alright ... but can anybody please answer THIS question first:

Is it possible to depack (etc.) the latest PACE at all?

JMI
April 29th, 2004, 15:19
Well the obvious answer is that if it can be packed, it can be unpacked. If it couldn't, PACE wouldn't have to be continually updating the software to overcome the latest advances of the crackers. The main necessity for the "unpacking" is that you keep the debugger working. If you can't, YOU will not succeed.

There are many ways that the protector may be attacking your debugger. It might search for the window names of the product. It might even check for another running process that it can identify as a debugger and shut it down, or crash the system if it detects one running. You simply have to recognize that it IS detecting your debugger and then set out to figure out how and prevent it from shutting it down.

The PROBLEM is that at the moment you don't know very much about how debuggers ARE detected and until you study and find that out, you have little chance of recognizing such code in your target unless someone simply TELLS you the answer. This appears to be what you really want. It is also what we generally do not do here.

Now have you reviewed the materials already here and on the net on reversing this software or not?

Regards,