Vbox 4.3 questions
Poltergeist
03-19-2001, 09:37 PM
Has anyone tried unwrapping CorelDraw 10 trial? I've been playing around with this, but so far no luck (I think it's mostly my unfamiliarity with Windows-based cracking, however). It seems to be protected with Vbox 4.3 (vboxm431.dll, vboxt431.dll, vboxz432.dll are the DLL files in the system dir). The 'target' files are a bunch of small executables (coreldrw.exe, corelrve.exe, etc.) which bootstrap larger .DLL files (coreldrw.dll) -- the large DLL files do not seem to be encrypted. The Vbox 4.3 generic unwrapper by UCF crashes back to Win2000, and I can't seem to make a working .exe through sice/procdump. I read the essay by Marigold to try to get some background on this protection, although it was written for 4.03. Looks like things have gotten a bit tougher since 4.03. (Was looking into doing the memory-patch trick with the .DLLs -- decided it would be easier to remove it altogether). Any hints/ideas/etc.? Thanks
bAZiK
03-20-2001, 03:15 PM
Poltergeist (btw, are you German?),
I've done some VBOX reversing at MGI and Total-Idea Products (VBOX 4.3). If you beat VBOX one time, it's quite easy! Took me about 5 hours for the first app, 5 for each next ;-)
Where can I get the Corel Draw Trial? (I'll look at Corel.com in a few minutes). If you are interested, I can give you some tips on reversing VBOX!
regards,
bAZiK
http://www.AmoK.am
Poltergeist
03-20-2001, 07:39 PM
I (somehow) got it to work today.. I was following the "How to manually remove Vbox 4.3 tutorial", and it wasn't working under Win2000. Tried again on a Win98 machine, and it worked fine. With Win2k, everything seemed to be going according to the tutorial, but the dump resulted in an "invalid executable file" according to the OS. I used Sice/Sice Backdoor Keeper/ProcDump. Will post more details tomorrow.
splaj
03-21-2001, 08:20 AM
Hi Polti
With NT, did you try to 'rebuild' the dump exe with PEditor 1.7 to fix up the PE header correctly?
SplAj
bAZiK
03-21-2001, 09:59 AM
Hmmm....I think, as SplAj said, you need to rebuild the file with PEditor with option "make pe header nt/2k compatible". Worked fine for me on 9x/NT/2K/ME.
(used TRW2K, ProcDump and PEditor for unpacking)
bAZiK
Cps530
03-22-2001, 01:43 PM
I'm experiencing the same problem. Where can I get PEditor 1.7 from?
Thanks.
bAZiK
03-24-2001, 05:58 AM
www.freak2freak.cjb.net
or
www.protools.cjb.net