Hi folks,

Im currently having a play with unpacking SVKP.
The unpackme's are easily solved, and so are a few other apps.

But this app puzzles me...

The stolen bytes seem to be some kind of psuedo code, nearly 600 lines worth.
So I added the Virtual Allocated section to the dump and diverted the EP.
But it then becomes machine specific because of the emulated api.

Begin Stolen Bytes: 0052D1E4
End Stolen Bytes: 0052D24E

I have resolved these pointers:
0 00152180 ? 0000 00F79B75 > 1 00152180 kernel32.dll 01DB GetVersion
0 00152184 ? 0000 00F7AB8B > 1 00152184 kernel32.dll 01DC GetVersionExA
0 00152188 ? 0000 00F6AE6C > 1 00152188 kernel32.dll 0176 GetModuleHandleA
0 00152268 ? 0000 00F69E56 > 1 00152268 kernel32.dll 013C GetCurrentProcess
0 001534E4 ? 0000 00F7BC35 > 1 001534E4 user32.dll 01DD MessageBoxA

Could someone confirm if these are correct?

But still have these left:
0 0015332C ? 0000 00F764E6
0 00153330 ? 0000 00F78B53
0 00153334 ? 0000 00F71E99
0 00153670 ? 0000 00401000

Any help on this matter would be greatly appreiciated.

(Also anyhelp on cracking it, the whole reg routine hinges on one byte @ 005C3FAC, but sometimes it wants it to be 0 sometimes it wants it to be 1!, makes no sense!)