View Full Version : Dumping/Rebuilding exe's compressed with telock 0.80!


Dr Apocalypse
July 7th, 2001, 06:57
Simply(!), I would like to 'unpack' a telock file, Gilbert Goodmate Patch, the exe is telocked with 0.80!

Have dumped with Procdump, looked at revirgin, but completely lost!

Can anyone help or suggest how to unpack this file!

Clandestiny
July 7th, 2001, 19:33
Hiya,

+Splaj has a good essay on tElock unpacking for version .71. Perhaps it can show you how to approach the target. It would seem +Splaj's site www.discompress.com is down, so I'll u/l the tut to the board for ya. The original html file was very printer unfriendly, so I'm attaching a .txt version of it.

Regards,
Clandestiny

Dr Apocalypse
July 7th, 2001, 22:10
Thanks for the tut!

Small problem, Softice won't work with my video card, Matrox G200!! Nothing happens when I use CTRL-D, the system freezes until I press CTRL-D again! Looks like softice is activating but not displaying a window!

Is there a fix for this or do I need to use an alternative debugger?

Thx

Kayaker
July 7th, 2001, 22:10
Quote:
Clandestiny (07-07-2001 17:33):

It would seem +Splaj's site www.discompress.com is down,
Clandestiny


Ahh, but it still does exist under the guise of evil_+Splaj... }>

http://59327516776/discompress/

not_so_evil_Kayaker

cuddly_SplAj
July 8th, 2001, 04:58
Hi

Yes tE!lock.8 is very nice, and FREE (greetz egoiste)

My approach ( I don't normally use Icedump cos I reverse in Win2K) is to find the 'signature' bytes then you are near the OEiP and ready to dump/rebuild. You also have to stop the IAT being destroyed after it has been mapped and redirected. Also use LordPE to dump cos it fixes the PEheader from disk so no section count FFFF probs

You have to hide the SI as well

For a starter, the signature bytes :-

"B9,09,01,00,00,8D,BD,09,99,40,00,8B,F7"

do some research and you get more help }>

+SplAj
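
The signature search described in the post above, as an added example that is not part of the original thread or of any tool named in it: a small scanner that reports every offset where the posted tElock 0.80 bytes occur in a file, which is how an analyst would confirm the packer during triage. The function names, the `??` wildcard variant and the sample buffer are assumptions made for this illustration.

```python
import re
import sys

# Signature exactly as posted in the thread. Decoded as x86:
#   B9 09 01 00 00      mov ecx, 0x109
#   8D BD 09 99 40 00   lea edi, [ebp+0x409909]
#   8B F7               mov esi, edi
TELOCK_080_SIG = "B9,09,01,00,00,8D,BD,09,99,40,00,8B,F7"
# Assumption (not from the thread): the lea displacement may differ between
# packed files, so a looser form wildcards those four bytes.
TELOCK_080_SIG_LOOSE = "B9,09,01,00,00,8D,BD,??,??,??,??,8B,F7"


def compile_signature(sig):
    """Turn 'B9,09,??' into a bytes regex; '??' matches any single byte."""
    parts = []
    for tok in (t.strip() for t in sig.split(",")):
        if tok == "??":
            parts.append(b".")
        elif re.fullmatch(r"[0-9A-Fa-f]{2}", tok):
            parts.append(b"\\x" + tok.encode("ascii"))
        else:
            raise ValueError(f"bad signature token: {tok!r}")
    # Lookahead keeps matches zero-width so overlapping hits are all reported.
    return re.compile(b"(?=" + b"".join(parts) + b")", re.DOTALL)


def find_signature(data, sig):
    """Return every file offset at which the signature starts."""
    return [m.start() for m in compile_signature(sig).finditer(data)]


def constructed_sample():
    """Constructed test buffer: the exact signature plus a variant whose
    displacement bytes were changed by hand. Not taken from a real file."""
    exact = bytes.fromhex(TELOCK_080_SIG.replace(",", ""))
    moved = exact[:7] + bytes.fromhex("09995000") + exact[11:]
    return b"\x90" * 16 + exact + b"\x00" * 11 + moved + b"\xcc" * 8


if __name__ == "__main__":
    # Scan the file named on the command line, or the constructed buffer.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = constructed_sample()
    for name, sig in (("exact", TELOCK_080_SIG), ("loose", TELOCK_080_SIG_LOOSE)):
        print(name, [hex(off) for off in find_signature(data, sig)])
```

The offsets printed are raw file offsets; mapping them to virtual addresses requires the section table of the file being examined.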

Dr Apocalypse
July 8th, 2001, 05:22
Well it looks like I'm stuffed b4 I start! Sice 4.01 won't work under ME! In fact ME strips out the sice commands in the autoexec.bat when it boots :/ so it never loaded at all!!

I assumed CTRL-D had frozen my machine as nothing had happened (I had the same under Win98, but sice HAD loaded and that did freeze with CTRL-D!)

Which sice version runs under ME?

If you think I'm wasting your time, kill the thread and I'll forget it, will just have to wait for a 'telock' unwrapper!

Dr Apocalypse
July 8th, 2001, 06:13
Sorted!

Softice 4.05 + info & debugger.exe from Numega + MS Debugging Kit for ME = working sice! No video problems

A bit of 'research' helped there

Now to work through the tut!

Sh*t! Now Icedump won't load...grrrrr! ICEDAT.DLL ver 4.05.334, so ran icedump for 4.05.334, just get 'VXDLDR failed to load icedump'!! Should I give up!

+SplAj
July 8th, 2001, 08:36
DON'T EVER GIVE UP !

That's what makes a good reverser, took me 2 weeks to figure out SI with WinME on my new notebook cos I am too proud to ask such lame q's

Actually I believe Iceman made a nice utility to load SI without the M$ baloney bloat debugger stuff....

Any way you are nearly there, this prob should be in the faq cos Icedump has to have kernel & user dlls loaded by SI. So change your ';exp=' in winice.dat to point to the real dll's like EXP=c:\windoze\kernel32.dll etc etc

reboot, icedump will now load

later

+SplAj

splaj
July 22nd, 2001, 05:58
latest news regarding tE! lock (now up to v 0.90)

With ALL versions of tE!lock I have it takes 10 secs to get to the OEiP......- but Kilby will take an hour with his Frankie Fingers

BPX VirtualProtectEx
f12
s cs:eip l eip+200 61
bpx the memory location of 61 [popad]
there U R , at the hand over :-)

+Spl/\j }>

NeO'X'QuiCk
July 23rd, 2001, 21:06
Hello, I try to unpack telock .90 but I think that the problem is not that much the OEP but more rebuilding ITA..


NEO'X'QuiCk