Results 1 to 8 of 8

Thread: HASP HL - envelope problem

  1. #1
    Pii
    Guest

    HASP HL - envelope problem

    hi

    I'm trying to remove envelope from HASP HL protected software. The problem is, that when I try to resolve APIs with Imprec (level3, trap flag tracer) application suddenly terminates. It's obvious that the envelope somehow detects my manipulations.

    HL implements techniques different than SL - IsDebuggerPresent / ZwQuery.. trick is not the case.

    I tried HideToolz v2 to hide ImpRec, but this wasn't helpful. OllyDbg ExeCryptor edition isn't detected by the envelope, but this mod. contains so many plugins that deactivating every single one just to check if it's triggers detection would be pretty boring.

    My questions is: does anyone here had similiar problem? I'm not familiar with antidebugging techniques and I've no idea how the detection is performed.

    Regards,
    Pii
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    Naides is Nobody
    Join Date
    Jan 2002
    Location
    Planet Earth
    Posts
    1,647
    Quote Originally Posted by Pii View Post
    h The problem is, that when I try to resolve APIs with Imprec (level3, trap flag tracer) application suddenly terminates. It's obvious that the envelope somehow detects my manipulations.
    Disclaimer: I am not an expert in unpacking.

    BUT: ImpRec built in resolution methods have been, for the most part, bypassed and neutralized by crypters/packers since the early 2000s, so I would NOT relay on them at all for API resolution very much in any new software package.

    What you are describing is an anti ImpRec device indeed but the way to bypass it is probably not an anti Imprec detection plug-in but analyzing the software API redirection tricks.

    I hope other, more hands on people in here can give you more specific advice

  3. #3
    I found this in my harddisk; probably can help you...

    CRACK DELETED

  4. #4
    cEnginEEr:

    Apparently you STILL HAVE NOT READ THE FRIGGIN FAQ!!!

    Had you previously done so, you would know better than to post CRACKS on this FORUM!!

    Now actually READ THE FAQ and follow its Rules or suffer the consequences! You will not be warned again, you will just be a "goner"!

    Regards,
    JMI

  5. #5
    Sorry JMI; I didn't mean violation of rules...but did you read the pdf; it wasn't a crack; just a tutorial on how to remove Hasp-hl envelope.

  6. #6
    Well, it was 3:00 am, my time, when I looked at your previous post and I can't think why anyone would believe something labled "Hasp-HL Crack" might actually be a "CRACK."

    However, I DID look at the attached file before I posted my Reply and in the first page it contains the following statement:

    "This document explains how to crack and bypass the security of HASP-HL"



    Now, DID YOU READ THE FRIGGIN FAQ????

    Which part of:

    "DO NOT POST THE NAME OF THE SOFTWARE COMPANY THAT MAKES THE PROGRAM. DO NOT POST TARGET SPECIFIC CODE THAT INCLUDES THE NAME OF THE TARGET: this means do not post code that shows where and how to patch/keygen blah blah blah on a specific target"

    DO YOU NOT UNDERSTAND?????

    Which part of YOUR BRAIN fails to grasp that posting "specific code" which shows how one might "remove" a "specific software protection system" violates this prohibition?

    One of the other Rules also "mentioned" in the FAQ is that posters are required to "search" for their own solutions to their problems BEFORE they post their questions in these Forums. Assuming that this "attachment" actually works, all you should have done was to remind the poster that if he searched on the net, HE should find discussion of what HE was attempting to accomplish.

    Regards,
    JMI

  7. #7
    Registered User sataron's Avatar
    Join Date
    Sep 2006
    Location
    Planet Earth
    Posts
    45
    I`m use Olly + Olly Advanced 1.26 b10 - and all work fine Hasp HL envelope cant find Olly. And Imprec - try use in manual mode.
    ~ I`m Like It ~

  8. #8
    Pii
    Guest
    It turned out that the newest HASP envelope incorporates techniques to defeat ImpRec's tracers, so this couldn't work.
    I wrote some Olly scripts and recovered all imports successfully, tho .

    I won't post them, since that's against the friggin FAQ.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

Similar Threads

  1. HASP HL - conveter to .reg problem,Pls help me
    By SmallIT in forum The Newbie Forum
    Replies: 0
    Last Post: July 15th, 2009, 09:50
  2. new HASP envelope
    By separator in forum Malware Analysis and Unpacking Forum
    Replies: 4
    Last Post: January 1st, 2007, 14:59
  3. Problem after removing HASP envelope
    By nasty in forum Malware Analysis and Unpacking Forum
    Replies: 9
    Last Post: March 3rd, 2006, 23:16
  4. Hasp 3 dos exe envelope
    By sadistcef in forum Advanced Reversing and Programming
    Replies: 1
    Last Post: May 1st, 2004, 13:39
  5. hard1ock envelope without dong1e?
    By swissknife in forum Advanced Reversing and Programming
    Replies: 20
    Last Post: March 30th, 2004, 13:16

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •