Page 4 of 8 FirstFirst 12345678 LastLast
Results 46 to 60 of 114

Thread: u talk about me :)

  1. #46
    tsehp
    Guest
    Originally posted by evaluator
    Hi, Daemon!

    As I found same IAT-redirection trick uses also telock98(at least).
    My question is for history purpose:
    How is author of this trick?

    Hi, Tsehp!
    If Solodovnikov will add this trick to ASPRotect...
    You can close your RV project...
    OR you must force your tracer to trace until real EXPORT. Is this possible???

    My suggestion:
    1. Lets make big pause in RV project!
    2. Collect new anti-tricks
    3. Come back with turbo-enhanced RV
    sorry but it seems that you really don't know how rv works...
    let me explain :
    I first coded some disasm code to fix the first schemes, first instr api executed then jmp to real api, or api call redirected, and it was working fine, just like imprec on first days.

    Then aspr, vbox and other schemes began to mangle their iat calls, it was almost impossible to code a disam to decrypt/demangle them, so the tracer was began 10 days after first rv version.

    Actually, 90% of my work is focused on the tracer, just because when this tool runs, it gets the first priority on the system and executes the apps, iat calls, everything.

    This tracer serves iat resolving, and the only way to avoid it to go inside the api is to emulate the api... alexey made a first attempt with simple ones, but I also emulated them, so this was easily fixed. If someone tries to emulate all of them, he will have to build a different version for every kind of windows and every build

    Like theOwl said in past posts, the tracer is a very important tool, It can also be used to dump programs, just like icedump on win9x, and later could also be used to build a boundschecker-like program, used to make all kind of reports you want, maybe opening it's behaviour and make it react with a script language could be very interesting.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #47
    tsehp
    Guest
    btw, Daemon, I have to thank you for your anti tracing features
    that are actually solved.

    can you do more please ? I feel I'm close to whatever was possible to invent, but I'm sure you can surprise me on a new version maybe ?

    best regards,

    tsehp
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  3. #48
    ^DAEMON^
    Guest

    hehehee

    yeah sure i think i'll add r0-tracer instead of my lame "r3 engine" which is really damn slow ))

    actual version is beta 6.5....

    but wait i've got exam soon.... 2 weeks exactly

    ^DAEMON^
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  4. #49
    tsehp
    Guest
    and what will this change ?
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  5. #50
    ^DAEMON^
    Guest
    @ least a nice speed improvement!
    have u seen the carry flag trick in it ??? dp-teunlock....
    maybe u have some advices for me

    till then....

    ^DAEMON^
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  6. #51
    tsehp
    Guest
    carry flag ?
    I only fixed the seh that is called to generate the key, used to decrypt the code after the loop that calls this seh itself (pofd with tf flag set)

    rv was loosing control after this.

    can u locate me this carry flag trick inside dp-borg2 to see what happens ?

    tia

    tsehp
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  7. #52
    Musician member evaluator's Avatar
    Join Date
    Sep 2001
    Posts
    1,479
    Blog Entries
    1

    Viva Tsehp!

    Viva Tsehp!

    Today I successfully tested your TRACER with these protections:

    PCGUARD (latest)
    TELOCK 0.98
    PE-PROT 0.9
    also DAEMON'S protected file "DP-Borg2.exe"

    This is GREAT! For example "GUW32 v1.0 beta8" can't trace these apps.

    Failed for trace:
    PELOCKnt v2.04
    DAEMON'S protected file "DP-tEunlock.exe"

    ***
    Now my STORY about tracing unresolved IAT entries:
    When in my WIN98SE I choose unresolved entry and click on TRACE command...
    my PC immediately RESETS.
    This is new for me in new version. In older versions RV and program only crashes.
    End of STORY.
    ***

  8. #53
    Shaolin
    Guest

    Talking

    lol, another one wich has problems with latest RV on Win9x?
    Wtf, all guys in here are using Win2k? I tested latest RV on a different comp with Win98, and if I select tracer it crashes the computer! Anyway, for Win95 users it can turn into a real drama, but I won't talk about this anymore because I don't want my post deleted again.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  9. #54
    Go ahead post away. you have until Sunday night until I start deleting.

    Woodmann

  10. #55
    Lord_Soth
    Guest
    hey tsehp,

    I've never used your tracer, or that of IceDump unfortunately..
    Remember that I once asked you about a tracer, for a
    tool I wanted to code ?
    This that will work ?

    LS
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  11. #56
    tsehp
    Guest

    Re: Viva Tsehp!

    Originally posted by evaluator
    Viva Tsehp!

    Today I successfully tested your TRACER with these protections:

    PCGUARD (latest)
    TELOCK 0.98
    PE-PROT 0.9
    also DAEMON'S protected file "DP-Borg2.exe"

    This is GREAT! For example "GUW32 v1.0 beta8" can't trace these apps.

    Failed for trace:
    PELOCKnt v2.04
    DAEMON'S protected file "DP-tEunlock.exe"

    ***
    Now my STORY about tracing unresolved IAT entries:
    When in my WIN98SE I choose unresolved entry and click on TRACE command...
    my PC immediately RESETS.
    This is new for me in new version. In older versions RV and program only crashes.
    End of STORY.
    ***
    1- can you save me some time and send me url for pelock + dr-teunlock.exe please, I'll take a look.


    2-when the tracer doesn't find a valid api address, or is simply leaded to a ret into special iat entry, it just rets and goes wild.
    Windows just can't intercept it, because of ring0 proviledges and this simply leads to a reboot/bsod/crash
    I had a lot when I first coded it and that's not finished, but never had some damages on my hd ;-)

    I have to code a protection that will stop it before it rets out of iat entry pretty soon, that's why beta is still inside rv actual build...

    spekkel alredy sent me sw3 that holds two crashing entries, I'll normally have the time to fix them sunday/monday.

    regards.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  12. #57
    tsehp
    Guest
    Originally posted by Shaolin
    lol, another one wich has problems with latest RV on Win9x?
    Wtf, all guys in here are using Win2k? I tested latest RV on a different comp with Win98, and if I select tracer it crashes the computer! Anyway, for Win95 users it can turn into a real drama, but I won't talk about this anymore because I don't want my post deleted again.
    Shaolin, before I begin again to delete your posts :

    1-a really big bunch of users, including me uses this tracer on win98, so be professional and tell us :
    -the app + url
    -iat entry
    -method you used
    And you will be considerated, otherwise, deleted...

    2-where did you see that rv was supported on win95 ?
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  13. #58
    Musician member evaluator's Avatar
    Join Date
    Sep 2001
    Posts
    1,479
    Blog Entries
    1
    Hi, Tsehp!
    "dp-teunlock.exe" is here! Cluesurf submitted
    as attachment "dp-teunlock.zip"! Look at fourth replay in this thread.
    (attachment.php?s=&postid=8939)

    About "PELOCKnt v2.04" protection.
    I have Gabler's old protector "PE-PROT v0.9"
    This file is first time internally protected (2nd section),
    then with "PELOCKnt v2.04", then selfprotected.
    From start to 407000 RVtracer is successfull, then crashes.
    You can find "PE-PROT" at "exetools.com".

  14. #59
    Shaolin
    Guest
    evaluator, as far as i know PE-PROT doesn't mess with import table, but I might be wrong.
    tsehp, the *tracer* hangs on my Win95 with any packer/protector I tried...Now I understand the problem and why it crashes like that, and it's indeed quite difficult to find a reliable solution...Anyway, I think u shouldn't have done of it a PUBLIC beta, but only a beta for your betatesters. ehrm, enough critics hope u will fix that soon
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  15. #60
    Shaolin
    Guest
    oh, were did I see that RV is supported on Win95?
    Well, a quote from your "Documentation":

    added an auto kernel patcher, so revirgin should work on every win9x past and future versions.
    When someone says Win9x I also think at Win95 anyway.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

Similar Threads

  1. How to directly talk to USB device?
    By cEnginEEr in forum Advanced Reversing and Programming
    Replies: 7
    Last Post: June 3rd, 2009, 09:44

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •