Log in

View Full Version : Sentinel Super Pro Shelled files problem

nasty
September 4th, 2004, 19:23
Hi to all,
I'm not "expert" in SSpro dongle...
I'm working on a SSpro target from about 3 months, but this software have about all mainly files .exe and .dll shelled!
I have unshelled some files but it's a problem to unshell all !!
I have got then the original SSpro USB dongle.
Now i want to know .. there is a fast way to dump all files using the dongle and after using without dongle?
What are the right steps to do a good dump and a fix (patch) to the shelled file ... to work right?
I have, until now, follow the theory "without dongle".
Please help me !
Thanks a lot . and see you soon!
Woodmann
September 4th, 2004, 21:45
Hi,

I am not quite sure what you are asking.
If you are asking is there a way to use the dongle to figure out
how to run your program without it....Yes

You need to "spy" the information passed between the dongle and program and then write the patch.

Woodmann
(of course you could have searched for this)
nasty
September 5th, 2004, 06:06
Thanks for reaply Woodman!
Yes i want to "spy" this information.
But what spy i can use?
There is a kind of dll that can spy the query and other info from the dongle?
I have tryied to "spy" manually but i have some errors (is also why i'm not expert with this).
Please help me .. i want to learn much about this .
Thanks!
nasty
September 5th, 2004, 18:12
Thanks for reply Woodmann but the link that you send don't works .. tell me "Sorry - no matches. Please try some different terms."
can you resend?
Thanks!
Woodmann
September 5th, 2004, 19:36
My bad, sorry.

Open the search pull down at the top of any page and enter your favorite search phrase ie; sspro

Tell us if your search helped you or if it did not, why.

Woodmann
nasty
September 6th, 2004, 05:57
Thanks for reply Woodmann.
The problem is this ..
as i tell i have broken some shell on several files of my target (using as "know-how" this great forum) ..

So to unshell some file i made a dump (with dongle) and using the first 8 or 16 byte of the dumped stuff i brute the N sections (of the shelled files ... in my case 2 sections, .text and .data) and after unshelling (rebuilding the sections.. change the IA address and size and surely the OEP usign LordPE) and removing the "added by the shell" 4 sections to the original file!

The problem is that this shelled files are MANY and MANY!
And need MUCH MUCH time!
Now i have got again the dongle to try again so i ask to "expert" a "faster" method to unshell the stuff (all the files .. why is not only ONE file!!)
I know how this forum works (search for "sspro" or "sentinel" or "sentinel super pro" and i know a bit as the Sspro works .. but i think that MUCH MUCH expert guys are there.
So please help.
Thanks