PDA

View Full Version : TELock ...


NiTeCr4Lr
12-09-2005, 02:57 PM
i have a TELock v0.98 or newer protected file and PEiD wont wont :huh:
what to do ...

EDIT:
Found UntElock but doesnt support win xp...

haggar
12-16-2005, 05:46 AM
This script unpacks tE0.98.


var CB
var CS

msg "Ignore ALL exceptions!!!"

gpa "GetModuleHandleA","kernel32.dll"
bp $RESULT
esto
bc eip
rtu

find eip,#80A5????????FF0F843001000080A5????????FF0F842 3010000#
cmp $RESULT,0
je error
bp $RESULT
esto
bc eip
sti
mov [eip],0130E990

gpa "VirtualProtectEx","kernel32.dll"
bp $RESULT
esto
bc eip
rtu

gmi eip,CODEBASE
mov CB,$RESULT
gmi eip,CODESIZE
mov CS,$RESULT
bprm CB,CS
esto
bpmc
an eip

ret
error:
msg "Cannot find import redirection procedure!"
ret

NiTeCr4Lr
02-14-2006, 02:07 PM
Thnx :)

h4c4
04-23-2006, 09:10 PM
an noob question :huh: :
how can i use the script?

why not bar
04-23-2006, 09:42 PM
tELock V0.80-V0.9X UnPacK Script

[/QUOTE]

NiTeCr4Lr
04-23-2006, 11:13 PM
got 2 ECL keygens that i cant untElock ..


PEiD: tElock 0.9 - 1.0 (private) -> tE!


help ?!

haggar
04-25-2006, 01:30 PM
Try this one:



/*
===========================================
tElock 0.99 - UNPACKER SCRIPT (c) haggar
===========================================
*/

var temp

gpa "GetClassNameA","user32.dll"
cmp $RESULT,0
je ERROR
bp $RESULT
esto
bc eip
rtu
sti
mov [eip],#90909090909090909090909090909090#
mov temp,eip
add temp,3F
bp temp
esto
bc eip
sub temp,3F
mov [temp],#81384F4C4C59741981384F574C5F7411#

gpa "VirtualAllocEx","kernel32.dll"
cmp $RESULT,0
je ERROR
bp $RESULT
esto
bc eip
rtr
sti
rtr
sti

find eip,#0F84????000080A5????????FF0F84????000080A5??? ?????FF#
cmp $RESULT,0
je ERROR
bp $RESULT
esto
bc eip
fill eip,1,90
sti
fill eip,1,0E9

gpa "VirtualProtectEx","kernel32.dll"
cmp $RESULT,0
je ERROR
bp $RESULT
esto
bc eip
rtr
sti

find eip,#8B64240833C0FF642408#
cmp $RESULT,0
je ERROR
bp $RESULT
esto
bc eip

LABEL01:
sti
mov temp,[eip]
and temp,0FF
cmp temp,60
jne LABEL01

sti
mov temp,esp
bphws temp,"r"
esto
bphwc temp

rtr
sti
rtr
sti
an eip
cmt eip,"<-- OEP! Fix IAT with ImpREC."

ret
ERROR:
msg "ERROR! Sorry :( Exiting..."
ret