|
|
#1
04-19-2005, 13:42
|
|||
|
|||
|
hasp/sentinel envelope(s) infos
as a tradition, hasp envelope util ( sdk v11.0 and below ) hook following functions from importe table...
KERNEL32.DLL!GetProcAddress KERNEL32.DLL!ExitProcess in order to increse level of obfuscation, hasp envelope util ( sdk v12.0 and onwards ) started to hook many more functions from important system dlls, KERNEL32.DLL USER32.DLL ADVAPI32.DLL SHELL32.DLL and more... internally, each iat function is assigned unique # and it is mapped into a bit table indicating it is hooked or not ( ie. 1 bit per iat function ) so in order to successfully recover full iat with valid functions, one must find a code location in .protect section of hasp envelope where this test is performed, and if we patch it in manner that no function is hooked, we can easy recover needed information. note: with such trick, still above mentioned two functions need to be corrected! on the rainbow sentinel part, the envelope is pretty simple and straight it contains no obfuscation as such except very well developed big switch/case kinda structure and pcode format ( documented on CrackZ pages w/o proper respect given to it's author ie. me! ) Thanks... 
|
| The Following User Says Thank You to ketan For This Useful Post: | ||
Tomy73 (05-23-2021) | ||
| Thread Tools | |
| Display Modes | |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| HASP Dos envelope | AVLab | General Discussion | 0 | 10-08-2003 03:37 |
| hasp envelope v7 | VirtualM | General Discussion | 1 | 08-22-2003 16:58 |
Threaded Mode