Reverse Engineering RET Homepage RET Members Reverse Engineering Projects Reverse Engineering Papers Reversing Challenges Reverser Tools RET Re-Search Engine Reverse Engineering Forum Reverse Engineering Links

Go Back   Reverse Engineering Team Board > Reverse Engineering Board > File Unpacking
FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
Thread Tools Display Modes
  #1  
Old 12-09-2005, 02:57 PM
NiTeCr4Lr NiTeCr4Lr is offline
Junior Member
 
Join Date: Dec 2005
Posts: 3
Default

i have a TELock v0.98 or newer protected file and PEiD wont wont :huh:
what to do ...

EDIT:
Found UntElock but doesnt support win xp...
Reply With Quote
  #2  
Old 12-16-2005, 05:46 AM
haggar haggar is offline
Member
 
Join Date: Aug 2005
Posts: 13
Default

This script unpacks tE0.98.

Code:
var CB
var CS

msg "Ignore ALL exceptions!!!"

gpa "GetModuleHandleA","kernel32.dll"
bp $RESULT
esto
bc eip
rtu

find eip,#80A5????????FF0F843001000080A5????????FF0F8423010000#
cmp $RESULT,0
je error
bp $RESULT
esto
bc eip
sti
mov [eip],0130E990

gpa "VirtualProtectEx","kernel32.dll"
bp $RESULT
esto
bc eip
rtu

gmi eip,CODEBASE
mov CB,$RESULT
gmi eip,CODESIZE
mov CS,$RESULT
bprm CB,CS
esto
bpmc
an eip

ret
error:
msg "Cannot find import redirection procedure!"
ret
Reply With Quote
  #3  
Old 02-14-2006, 02:07 PM
NiTeCr4Lr NiTeCr4Lr is offline
Junior Member
 
Join Date: Dec 2005
Posts: 3
Default

Thnx
Reply With Quote
  #4  
Old 04-23-2006, 09:10 PM
h4c4 h4c4 is offline
Junior Member
 
Join Date: Apr 2006
Posts: 1
Default

an noob question :huh: :
how can i use the script?
Reply With Quote
  #5  
Old 04-23-2006, 09:42 PM
why not bar why not bar is offline
Junior Member
 
Join Date: Dec 2005
Posts: 1
Default

tELock V0.80-V0.9X UnPacK Script

[/quote]
Reply With Quote
  #6  
Old 04-23-2006, 11:13 PM
NiTeCr4Lr NiTeCr4Lr is offline
Junior Member
 
Join Date: Dec 2005
Posts: 3
Default

got 2 ECL keygens that i cant untElock ..


PEiD: tElock 0.9 - 1.0 (private) -> tE!


help ?!
Reply With Quote
  #7  
Old 04-25-2006, 01:30 PM
haggar haggar is offline
Member
 
Join Date: Aug 2005
Posts: 13
Default

Try this one:


Code:
/*
===========================================
 tElock 0.99 - UNPACKER SCRIPT (c) haggar
===========================================
*/

var temp

gpa "GetClassNameA","user32.dll"
cmp $RESULT,0
je ERROR
bp $RESULT
esto
bc eip
rtu
sti
mov [eip],#90909090909090909090909090909090#
mov temp,eip
add temp,3F
bp temp
esto
bc eip
sub temp,3F
mov [temp],#81384F4C4C59741981384F574C5F7411#

gpa "VirtualAllocEx","kernel32.dll"
cmp $RESULT,0
je ERROR
bp $RESULT
esto
bc eip
rtr
sti
rtr
sti

find eip,#0F84????000080A5????????FF0F84????000080A5????????FF#
cmp $RESULT,0
je ERROR
bp $RESULT
esto
bc eip
fill eip,1,90
sti
fill eip,1,0E9

gpa "VirtualProtectEx","kernel32.dll"
cmp $RESULT,0
je ERROR
bp $RESULT
esto
bc eip
rtr
sti

find eip,#8B64240833C0FF642408#
cmp $RESULT,0
je ERROR
bp $RESULT
esto
bc eip

LABEL01:
sti
mov temp,[eip]
and temp,0FF
cmp temp,60
jne LABEL01

sti
mov temp,esp
bphws temp,"r"
esto
bphwc temp

rtr
sti
rtr
sti
an eip
cmt eip,"<-- OEP! Fix IAT with ImpREC."

ret
ERROR:
msg "ERROR! Sorry :( Exiting..."
ret
Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump





Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.