Page 1 of 2 12 LastLast
Results 1 to 15 of 25

Thread: Visual Protect i need Help :)

  1. #1

    Visual Protect i need Help :)

    hello, please i have problems to umpack this applicatiosn

    its packet whit visual protect.. (the program its visual protect too )

    please i whant to learn how unpack this protection.. thanks.

    SiLvEr StOrM
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    +SplAj made a license for it long time ago. Please search.
    :DWARNING: Shareware authors are reading your detailed discussions without paying you!:D

  3. #3


    thanks for answer.. frien.. but i want to know how unpack a application packed whit that program.. please can you teachme...

    I promise that I have read the FAQ and tried to use the Search to answer my question.

  4. #4
    which version of VP is it?
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  5. #5
    version 3.1.6
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  6. #6
    It's been a long time since I looked at VP, so I'll take a look tonight and let ya know.

    In the mean time do some searching for tutorials on older versions as they might give you a clue as to how to proceed
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  7. #7
    Hi Silver Storm,

    Where are you having problem with? It is fairly simple to unpack.. here are some hint

    find IT table, bpm it
    then bpx getprocaddress
    watch the IAT deciphered, yeah interestingly, the IAT AsCII are ciphered :> (gosh, or am i reading gtoo much crypto :>?/)
    after you exit the IAT updating loop, F12 once or twice then trace with F10, you will see soon enough a jump [ebp-4], or something liek that :>

    Good luck...

    Hmm, really obscure protector, i have yet to find any app protected with it yet... the license file doesnot seem a problem when i wrap my notepad...?? Do you know any app protected with it?

  8. #8
    All the products from the same company of VP are protected with VPhyyp://

    Originally posted by binh81
    Do you know any app protected with it? [/B]
    :DWARNING: Shareware authors are reading your detailed discussions without paying you!:D

  9. #9
    Hello binh81 !

    If the license file doesn't seem to be a problem, try the applications from Visage.
    Start with VisualProtect, then try Easy PDF. They will work fine.
    But now try Windows Help Designer, both WinHelp and HTMLHelp edition. A wrong license file will say "Invalid License", a correct license file will crash the program.
    And I don't think they make nonworking copies of their software availbable for download.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  10. #10
    HI Dakien, solomon...

    Just curious... the website is f****** slow... i have been downloading for an hour, 0.50kb/s???? nah but that is beside the point...

    Correct me if i am wrong, but it seems that this protection is useless as a general protection as if we use VP to wrap another exe file, not developed by Visage, then once unwrapped, the license file and VP.dll aint gonna matter anymore? They only matter for Visage product itself because these features are integrated into the exe...

    Maybe this why it is not used by any other software developing company? :>

    Cheers, i will post here again should i encounter any difficulties... man, 1:5:49 more... this company CAN NOT MAKE IT... even slower than M$ website...

  11. #11
    Hello binh81 !

    You're right, but this happens not only with Visual Protect, but with any protector using just a wrapper and no callback functions the program could call or environment variables which could be checked.

    I don't think they've implemented anything special in their help designer programs, but when I've tried to generate a license for them, they crashed.
    I tried all options available, but I couldn't get them to accept my registered license file. They accepted my license file with a 500 day trial with no problems, but crashed when trying to use my registered license file.

    I had no problem with registering Visual Protect itself and Easy PDF.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  12. #12
    Hee Dakien...

    You are too fast for me... i am still figuring out how to generate the license file... i have been living with patchign alone... cos i was hoping that it will be more generic to remove the need for license file and VP.dll altogether....

  13. #13

    Angry Stuck somewhat ;)

    Hi binh/Dakien:

    Okay, glad to join the party of VisualProtect .

    Yes, binh81, this one is doing the decryption via VP.DLL. Somewhere in the code woods it loads the VP.DLL and GetProcAddresses the exports 1, 2, 3, 5 and then checks for valid address values. I also managed to find the OEiP (just by tracing manually this time ).

    Found the "magic bytes" - FF,65,FC JMP [EBP-4] 00*92304

    But what baffles me is that when I run the the dumped file, it gives me "License File Error. Could not locate license file, please reinstall the software" (whereas the .vpl file is very much present)

    So, I debugged ...

    I found that the VP.DLL is being called and there are a lot of code snippets that do this:

    CMP EAX, [EDX]
    JZ/JNZ etc

    I bypassed all this successfully and reach the point where the original app puts the Nag box. Ofcourse, we wouldn't have it in the unpacked proggie right? So i bypassed this and noted that on clicking Try in the original app, it puts EAX = 1 in the original app. So I patched this place to

    MOV EAX, 1

    But when I run this, VP crashes on me

    Any tips/pointers on how you guys avoided the license not found dialog and other tricks? Just tips will do

    -- FoxThree

    PS: I don't find the IAT redirected or encrypted. Do we need to run RV on this. I don't think so but just in case
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  14. #14
    Hi Fox3,

    welcome on board, have not much time and inspiration to look into this yet, but well..

    IAT ASCII was encrypted.... decrypted in memory and loaded, revirgin wont work... the redirected scheme is simple
    mov eax, xxxxxxxx
    jmp eax

    Yet revirgin fails to trace... think Tsehp not working on this cos VP isnt a popular protector....

    Regarding license file, i have yet to manage to make a full license like SplAj said in his post last year, was Feb 2001 :>.... dig out the forum archives :>... yeah i patched as you said, and continue patching :>.. i trace witht he orginal exe and my dumped exe, find the different jumps and patched accordingly, think i made 3 or 4 patches for it to work.. not very neat though... (hint : dump VP.dll and use IDA, you will see a lot clearer... with lots of nitty check made in VP.dll)

    I tried unpack VP.dll itself but somehow unsuccessful... dont know why... maybe someone can shed some light???


    P.S : fox3, do check your IT cos i am pretty sure that IAT ASCII are encrypted.... have fun

  15. #15
    my new hair style :) +SplAj's Avatar
    Join Date
    Feb 2001
    Afghanistan, Cuba, Iran, Iraq, Libya, North Korea, Sudan and Syria

    Visual Protect ....

    VP, licence & unpacking

    Ok, I found the target from my archive. I 'did' v 3.1.5 . First of the licence scheme is easy to fool. My RCE licence trick still works.

    Unpacking was a bit trickier. I remember that KERNEL32 API calls were decrytped to a lookup table. RV did not manage to trace them.......but now with 'plugins'

    Ok, I dumped the exe at oeip, dumped the best part of IAT with 'save resolved'. Then dumped the whole KERNEL32 API calls from memory to disk and used UltraEdit to get them in a usable linear format , Pasted this into RV resolved.txt output , reloaded RV and target, loaded rv resolved.txt , Resolve again and rebuilt complete IAT.

    It was a coupla hours to do that.

    Hope that helps.

    Carve my name into your arm :)

Similar Threads

  1. Again on Visual Basic
    By Reversing It Out in forum Blogs Forum
    Replies: 0
    Last Post: January 21st, 2008, 21:51
  2. App using Visual C++ 7.0 Method2
    By VeeDub in forum The Newbie Forum
    Replies: 11
    Last Post: November 12th, 2006, 17:44
  3. Protect with asprotect! arghhhh!
    By mrbar in forum OllyDbg Support Forums
    Replies: 15
    Last Post: July 2nd, 2005, 14:08
  4. Visual Basic 6
    By tobibot in forum OllyDbg Support Forums
    Replies: 1
    Last Post: January 29th, 2005, 06:59
  5. Does As-Protect use "Exception handling"?
    By riPPadoGG in forum Malware Analysis and Unpacking Forum
    Replies: 3
    Last Post: December 14th, 2001, 03:23


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts