View Full Version : SVKP 1.3x -> Pavol Cerven HOW to ?


yano
May 30th, 2004, 13:15
Hello !

I tried to dump a proggy packed with SVKP 1.3x -> Pavol Cerven using a memory dumper like procdump, memory Dumper, LordPE... etc.
after finding the OEP hehe (using Ricardo's methods..)
but the problem is that the proggy's process doesn't appear in the process list. So I used the ollydump 2.0108; but once done a message appeared: "The application or dll C:\Windows\system32\SetVer.exe isn't a valid Windows image. Check through your installation floppy disk." (in fact the message was in French)

Please what to do ?

BruceLee
May 31st, 2004, 00:31
Where can I download tutor about unpacking SVKP 1.3x?

tonyxxy
May 31st, 2004, 04:21
Try Ricardo's tutorials. They are in Spanish though, but you can translate them with some online translation utility such as Bablefish, should be enough to understand what's going on. The tuts are always very detailed. Ricardo: keep the good work going man :-)

Regards,

tonyxxy

Paule
May 31st, 2004, 04:26
Hi there,

as you can see, I'm pretty new to this forum and I apologize for my first post being a question, but after reading this:
after finding the OEP hehe (using Ricardo methodes..)
I became curious about what "Ricardos methodes" are. I read a lot about and from Ricardo Narvaja (it's the guy you're talking about, isn't it?) and I also searched his FTP for some stuff concerning SVKP but so far I was not able to find anything. Do you mind explaining to me how this method works, or where I can find something about it?
Thanks a lot in advance

Regards Paule

btw. Really nice board

yano
May 31st, 2004, 13:05
Hey Paule!

Enter Ricardo's FTP and download his lessons (tutorialz) about finding the OEP of all known packers such as ASPACK, Neolite, Asprotect, Armadillo, etc. and then you will be able to find SVKP's OEP easily. In fact, I used the method for finding the asprotect OEP and it worked well (Exception method).
KNOW that the content of the FTP IS IN Spanish.

read his cursos and read them all and.....

sorry i can't tell more
thanks for your question

Paule
June 1st, 2004, 05:35
Hi yano,

first of all I would like to thank you for your quick answer. I will do as you've suggested. There is so much stuff on this FTP, I think I would have searched forever. Unfortunately I'm not able to understand Spanish, but I'll give it a try with Babelfish or another translation tool. Even if not every word is translated correctly I think it will meet my needs.

Thank you

Regards Paule

yano
June 1st, 2004, 10:25
hello !

Simply here is the site you would look for :

http://www.iespana.es/OllyDBG/Ricardo.html

You can find here all you want concerning unpacking... hehe
of course including the SVKP packer

But this site is in English as well
bye!

yano
June 1st, 2004, 10:26
hello !

Simply here is the site you would look for :

http://www.iespana.es/OllyDBG/Ricardo.html

You can find here all you want concerning unpacking... hehe
of course including SVKP unpacking

NB: But this site is in Spanish as well
bye!

psyCK0
June 1st, 2004, 10:59
There is a tool called SysTran which actually produces quite understandable English from those tuts.

Paule
June 2nd, 2004, 05:38
Thanks a lot for all the information. I managed to get the tuts (there were two of them) concerning SVKP unpacking. Unfortunately none of the techniques provided within these tuts worked for me. I also tried it the "ASProtect way" and still the same -> I am stuck in the middle of nowhere. I always end up at "Int 1" (the last exception) and can't get Olly to break afterwards. When I follow the code after this "Int 1" I arrive at "SYSENTER" within ntdll. On executing this SYSENTER the prog starts. My target is protected with SVKP 1.32 (as far as I know). Any ideas what to do? I'll keep trying.

Regards Paule

Pansemuckl
July 3rd, 2004, 06:42
As far as I know, Ricardo's tutorial is all the help you get on this
issue. I've tried to unpack SVKP myself without success.

I tried to follow Ricardo's tutorial (with the same target he was
using) step by step without getting through it - bad translation.
So I was looking for some help at efnet #unpacking, but all they
told me was like "Ricardo's tutorial didn't work for me... wish u
luck... if you manage to unpack, tell us how..."

There was one last chance to get some help: Asking one of the
elite cr@ckers personally. I did, but never received an answer.
It's kinda frustrating...

BTW the target I want to look inside is supposed to be a trojan!
I wanna do some research and for that purpose I need to unpack
it.

Pansemuckl
July 3rd, 2004, 06:46
@all : Ricardo's site is down by now, you will find tutorials at
http://crackslatinos.hispadominio.net/

@ Ricardo: Did you check your PM at http://www.woodmann.net/forum ?
I need YOUR help.

Ricardo Narvaja
July 3rd, 2004, 07:41
I have no messages at woodmann, please send again or mail me at

ricnar22@millic.com.ar

and mail me the link to this program packed with SVKP and I will try to unpack it or put it in a crackslatinos weekly contest for members to try to unpack it and make a tut.

Ricardo

Pansemuckl
July 3rd, 2004, 09:50
Dear Ricardo,

Check your mail.

Ricardo Narvaja
July 3rd, 2004, 12:51
I replied to your mail, jeje

Pansemuckl
July 3rd, 2004, 13:20
@ALL

The well-known ^DEAMON^ apparently coded an unpacker
called SVKP Explorer, but he's never going to release it.

He wrote:

"Svkp explorer is not to be released to the public... i promised pavol a few years ago to never ever hurt his protector "

Source: [h**p://disc.server.com/discussion.cgi?disc=203830;article=211;title=D aemon%27s%20Cave]

See a picture of SVKP Explorer on his website
h**p://daemon.anticrack.de/beta.htm

Don't even think about asking ^DEAMON^ for help or the unpacker
itself. He and Pavol (the lamer that created SVKP) are best friends!!

Obviously they're out to make some cash instead of doing
something for the community. Too bad that their little baby
didn't work out for 'em...

(hehe... )




@Ricardo:

I've read your mail and I've sent all the info to ya. Let me
know if you succeed. Talk to you soon.

ivan
September 18th, 2004, 03:45
Pavol used to be a reverser like the rest of us. When you grow up you will realise that you can make some cash with the knowledge you have and will eventually switch sides too.

Bob
December 13th, 2004, 19:33
Well, the tool is now released on Unpacking Gods site, if anyone's not seen it, and I'm now trying to find docs to use the tool, as they don't explain how to set options for it..

~BoB~