Exetools  

Go Back   Exetools > General > General Discussion
Reload this Page Trouble with a VBox prot
Register Forum Rules FAQ Calendar

Notices

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #3  
Old 09-22-2006, 04:11
Naides Naides is offline
Friend
  
Join Date: Mar 2005
Location: Planet Earth
Posts: 40
Rept. Given: 7
Rept. Rcvd 2 Times in 1 Post
Thanks Given: 21
Thanks Rcvd at 10 Times in 7 Posts
Naides Reputation: 2
Yes.

I am not completetely familiar with the rules of the board, so I will mention the app by name. please correct me if it is not proper.

The demo version of Photoshop CS (Not CS2) came packed with Vbox 4.3 Several of it plug-in files were Vboxed. The files had weird extensions .apl, but were in fact .dll in disguise. They had a valid PE format and IDA recognized them as .DLL and disassembled them.

There was no major problem in finding the OEP and dumping them, using Olly: I placed a BP on execution (Using a patched version of olly) to the whole .text segment.

Repairing the IAT was a harder problem, because IMPREC got lost while searching for imports. I had to reconstruct the IATs manually, which is a major pain.

So Vbox packed dll can be unpacked using near-standard methods
Reply With Quote
 

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Vbox 4.6.2 LetMeIn General Discussion 4 10-29-2004 11:10
C4033 trouble. pigman General Discussion 1 08-09-2004 02:10


All times are GMT +8. The time now is 01:12.

Aaron's homepage - Top

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( Since 1998 )