Results 1 to 5 of 5

Thread: RV Tracer (not for the apis...)

  1. #1

    RV Tracer (not for the apis...)

    I've read a lot about how you should use revirgin on win2k because it is faster than icedump's tracer + you don't have to install w98 (yay!).
    ...but I have never been successfull in using RV-Tracer. Guess it was SOME time since it got beat, but is there not a way to get it working again?
    I ask because I'm a stupid lazy clueless newbie who wich not to install w98...
    besides I couldn't even get a copy of system commander and I already have w2k installed and no other computer, so it seems like a lot of trouble to go through...
    But it disturbs me not to be able to unpack a lot of proggies...


  2. #2
    Hi Manko,

    What cant you unpack without a tracer?

  3. #3
    Registered User
    Join Date
    Oct 2001

    A question..

    Hi Crusader,
    A question (it may sound stupid, but....):
    How would you find the dips in Asprotected proggies if you can't trace with /tracex or revirgin (or the infamous loader that's floating around)?

  4. #4
    That's pretty much what I was going to say.

    Though I reallise I shouldn't have to rely on tracers and stuff if I was a real (good) reverser...
    Wasn't it you, crusader, who wrote a tut where you reversed the dll of an aspr? It might be easy for you but when the only working "tracer" on w2k (read something loader) doesn't work with an aspr, I lack the skills to either reverse the loader or the aspr, so I'm beat...

    Last edited by Manko; December 4th, 2002 at 00:21.

  5. #5
    Neccessity is mother of all invention i guess... i started out cracking on win2k so i never had the luxury of using icedump... so i have grown used to not having a tracer...

    Regarding Aspr... there are ways of finding dips... if you want to dump and reversed aspr.dll i can help... aspr create a table of all the dips before OEp so if you can dump it, you can tell where aspr is going to dip...

    You can do bpm 401014 x then trace on a bit and dump from there, or you can catch the IAT redirection routine and dump from there, or you can try finding the push series as i wrote on the tutorial which forms the skeleton of aspr.dll... there are ways i guess... even the Solomon ntcontinue trick will also works...

    Ah well...

Similar Threads

  1. DotNET Tracer
    By Kurapica in forum Tools of Our Trade (TOT) Messageboard
    Replies: 13
    Last Post: February 2nd, 2012, 18:05
  2. dotNET Tracer 0.6
    By Kurapica in forum Tools of Our Trade (TOT) Messageboard
    Replies: 3
    Last Post: June 17th, 2009, 05:20
  3. dotNET Tracer 0.5
    By Kurapica in forum Tools of Our Trade (TOT) Messageboard
    Replies: 0
    Last Post: June 14th, 2009, 15:37
  4. How can I bpx the WINSOCK apis (with SoftIce)?
    By bood in forum Tools of Our Trade (TOT) Messageboard
    Replies: 2
    Last Post: March 4th, 2002, 14:08
  5. VB6 apis. Where do I get info on them ???
    By aimless in forum Advanced Reversing and Programming
    Replies: 1
    Last Post: January 17th, 2001, 02:52


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts