Visual Protect

Quick instruction for generate VisualProtect license.

1. Download Visual Protect self.
2. Run visual protect, press Try button.
3. Dump file any tools (for example lordpe).
4. Search in dump string vp100 ( for other prog other string )
5. In visual protect select "create new project",
in "crypto string" set value vp100, trial restrictions - 30 executables,
select any exe-file for protect and save project as visualprotect.vpj.
6. In command line run GLCmd.exe with options:

GLCmd.exe -a g -p visualprotect -r UserName -x 01.01.2010

press Try in MessageBox and you will have visualprotect.vpl - license
with expiration date 01.01.2010.
Copy created license in work directory VisualProtect and start it.

Hi bukkake,
I enjoyed reading your solution for unpacking Visual Protect .
But almost at the finals steps I got stuck.

You said :
"Delete the thunk at RVA 00083818"
Ok I have this thunk and I can delete it.
Then you said:
"double click thunk RVA 003B00E0"
Unfortunately I don't have this thunk and I don't know what to do.
Instead I have 2 other invalids thunks which are

1-000836B8 (Has 65 invalid imports)
2-000830D0 (Has 25 invalid imports)




in short,I have 3 Invalid FThunk that I don't know what to do with them

1-000836B8
2-000830D0
3-00083818

The last one will be deleted.
So what to do with other ones.
Also the address you methined can't be found.
I mean ( 003B00E0 )

By the way,Let me know how you know the we have to delete 00083818
and why we should search for ( 003B00E0 )

I need some explanation.

Could you please let me know what your configuration in IMPREC is?

I look forward to hearing from you.
Regards,
Android.

Quote:

Originally Posted by Android

Hi bukkake,
Instead I have 2 other invalids thunks which are

1-000836B8 (Has 65 invalid imports)
2-000830D0 (Has 25 invalid imports)

@Android,

You asked me on AR forums today how to fix the remainig unresolved pointers. it's easy to find the correct imports (Kernel32 and User32). When I finish my current pending work. I'll post steps on Ar forums on how to correct the invalid imports. I have attached my fixed IAT so that u can compare. Target runs clean.

Regards.

Another quick way to get OEP:

Press Shift F9 -> 16 times till you get the NAG diallog. Press Try button and Shift F9 till target runs. Now look in Stack window. Scroll down till you see:

0012F6B8 00B63BC4 ASCII "Finalizing 0x0047CAE0"

So OEP is 47CAE0. Ok restart the target in olly. Ctrl G and type 47CAE0. Right click and Breakpoint Hardware on execution. Now repeat Shift F9 till NAG dialog and after click on try button Shift F9 2 times and u at OEP.