Results 1 to 9 of 9

Thread: vbox time keeper

  1. #1
    Peronospora
    Guest

    vbox time keeper

    I'm looking at Corel's Knockout 30 day trial protected by vbox 4.3. In particular, at this point, I'm trying to find where vbox hides it's time counter. I've tracked with Regmon and Filemon to no avail. I used Amok's vbox cleaner 1.0 to scan and remove vbox files but when prog reinstalled the day countdown remained the same.
    As an aside, why can't I disassemble prog. with w32asm - just hangs. I've heard this description by others with challenged by vbox.


    Any clues?

    P
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    Peronospora
    Guest
    Nevermind. Found it!

    Thanks anyway,

    P
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  3. #3
    Hemo
    Guest
    I've faced the same problem. Since you found the solution, could
    you please tell it to me also.

    Thanks in advance,
    Hemo
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  4. #4
    jomamameister
    Guest
    vbox places license files in the c:\windows\vbox usually and are hashed dates.
    jomamameister
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  5. #5
    Peronospora
    Guest
    Deleting the licence files doesn't reset the time counter. As far as I can see, there are two vbox entries that need to be deleted (deleting just one or the other doesn't do it). One is a *.bin file in the root directory (C:\) (for Knockout it's os683439.bin - though this likely varies, and the other is a registry entry HCR/CLSID/615557C3.....
    -again this probably varies from prog to prog.

    P
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  6. #6
    my new hair style :) +SplAj's Avatar
    Join Date
    Feb 2001
    Location
    Afghanistan, Cuba, Iran, Iraq, Libya, North Korea, Sudan and Syria
    Posts
    373

    Cool

    Hi

    There are a lot of tuts around re Vbox4.2/3/5.... esp. +Tsehp

    I have the older VboxBuilder 4.2 and 4.3 (4.5 is/was not public)
    and I also have a prv file so it is possible to play with making
    a protected notepad (duh !) and then register it, unpack it, learn the time trial tricks etc blah blah whatever..........

    I did a web search for these files but failed to find any real link to anyother site than Previewsoft :-( ...... maybe someone found it ?

    If anyone is REALLY interested in doing this then I will find a ftp
    to place the original files for you. I'm sure Li Wei Bin Bam whatever won't mind Maybe exetools will host them ???

    +SplAj

  7. #7
    tsehp
    Guest
    I've tested new rv on latest vbox I could find and it still works, even if the last essay talked about mangled iat scheme, I didn't saw this on lastest version.

    It's easy to locate the reg entries that you have to delete, just check your regmon and look for bizarre entries inside key regs like :
    kjshfksjhfdsdf65s4df6sqdfsdf$$^^%%% for example

    gosh I just love those new smileys
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  8. #8
    oLD SpeKKeLed HeN SpeKKeL's Avatar
    Join Date
    Aug 2001
    Location
    earth....
    Posts
    153

    Talking Not all resolved....

    Today downloaded

    www.ontrack.com/freesoftware/icl2eval.exe Pfff 15MB for a
    prog of nothing (cleans cookies etc..) but Yes V-boxed with 5.0 ! (so that's nice)
    Dumped and rebuilded with rev., about 12 api's didn,t resolve
    So easily found them and fixed them manually.

    Just for the info, Grrrreeetz.......SpeKKeL......

    BTW I shall not ask tseph about the new RV maybe i litlle tired
    after all the Mb-work........

  9. #9
    tsehp
    Guest

    Re: Not all resolved....

    Originally posted by SpeKKeL


    BTW I shall not ask tseph about the new RV maybe i litlle tired
    after all the Mb-work........ [/B]
    it's fully working now, with a new feature against the new aspr
    api emulation.

    I only have to debug the section realigner + add some code to dump targets and it's there. Tracer is much more stable then before (less unstable is better said )

    soon here
    I promise that I have read the FAQ and tried to use the Search to answer my question.

Similar Threads

  1. Hi all, it's time for a new interesting tutorial, this time SSlEvIN took time for a j
    By Shub-nigurrath in forum Advanced Reversing and Programming
    Replies: 1
    Last Post: March 5th, 2010, 15:58
  2. vbox 4.6.2
    By arieri in forum Malware Analysis and Unpacking Forum
    Replies: 16
    Last Post: February 1st, 2004, 23:59
  3. vbox vs procdump
    By zare in forum Tools of Our Trade (TOT) Messageboard
    Replies: 2
    Last Post: August 29th, 2001, 10:44
  4. Time keeper or Killer????????????
    By Tug in forum Malware Analysis and Unpacking Forum
    Replies: 2
    Last Post: June 22nd, 2001, 12:01
  5. some vbox-help needed
    By Silent in forum Malware Analysis and Unpacking Forum
    Replies: 4
    Last Post: March 1st, 2001, 20:41

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •