View Full Version : TELock ...
NiTeCr4Lr
12-09-2005, 02:57 PM
i have a TELock v0.98 or newer protected file and PEiD wont wont :huh:
what to do ...
EDIT:
Found UntElock but doesnt support win xp...
haggar
12-16-2005, 05:46 AM
This script unpacks tE0.98.
var CB
var CS
msg "Ignore ALL exceptions!!!"
gpa "GetModuleHandleA","kernel32.dll"
bp $RESULT
esto
bc eip
rtu
find eip,#80A5????????FF0F843001000080A5????????FF0F842 3010000#
cmp $RESULT,0
je error
bp $RESULT
esto
bc eip
sti
mov [eip],0130E990
gpa "VirtualProtectEx","kernel32.dll"
bp $RESULT
esto
bc eip
rtu
gmi eip,CODEBASE
mov CB,$RESULT
gmi eip,CODESIZE
mov CS,$RESULT
bprm CB,CS
esto
bpmc
an eip
ret
error:
msg "Cannot find import redirection procedure!"
ret
NiTeCr4Lr
02-14-2006, 02:07 PM
Thnx :)
an noob question :huh: :
how can i use the script?
why not bar
04-23-2006, 09:42 PM
tELock V0.80-V0.9X UnPacK Script
[/QUOTE]
NiTeCr4Lr
04-23-2006, 11:13 PM
got 2 ECL keygens that i cant untElock ..
PEiD: tElock 0.9 - 1.0 (private) -> tE!
help ?!
haggar
04-25-2006, 01:30 PM
Try this one:
/*
===========================================
tElock 0.99 - UNPACKER SCRIPT (c) haggar
===========================================
*/
var temp
gpa "GetClassNameA","user32.dll"
cmp $RESULT,0
je ERROR
bp $RESULT
esto
bc eip
rtu
sti
mov [eip],#90909090909090909090909090909090#
mov temp,eip
add temp,3F
bp temp
esto
bc eip
sub temp,3F
mov [temp],#81384F4C4C59741981384F574C5F7411#
gpa "VirtualAllocEx","kernel32.dll"
cmp $RESULT,0
je ERROR
bp $RESULT
esto
bc eip
rtr
sti
rtr
sti
find eip,#0F84????000080A5????????FF0F84????000080A5??? ?????FF#
cmp $RESULT,0
je ERROR
bp $RESULT
esto
bc eip
fill eip,1,90
sti
fill eip,1,0E9
gpa "VirtualProtectEx","kernel32.dll"
cmp $RESULT,0
je ERROR
bp $RESULT
esto
bc eip
rtr
sti
find eip,#8B64240833C0FF642408#
cmp $RESULT,0
je ERROR
bp $RESULT
esto
bc eip
LABEL01:
sti
mov temp,[eip]
and temp,0FF
cmp temp,60
jne LABEL01
sti
mov temp,esp
bphws temp,"r"
esto
bphwc temp
rtr
sti
rtr
sti
an eip
cmt eip,"<-- OEP! Fix IAT with ImpREC."
ret
ERROR:
msg "ERROR! Sorry :( Exiting..."
ret
vBulletin® v3.6.4, Copyright ©2000-2015, Jelsoft Enterprises Ltd.