Exetools  

Go Back   Exetools > General > General Discussion
Reload this Page TI Interactive! Softlocxed
Register Forum Rules FAQ Calendar Mark Forums Read

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 04-27-2005, 09:22
TmC TmC is offline
VIP
  
Join Date: Aug 2004
Posts: 330
Rept. Given: 1
Rept. Rcvd 15 Times in 9 Posts
Thanks Given: 2
Thanks Rcvd at 23 Times in 17 Posts
TmC Reputation: 15
TI Interactive! Softlocxed
The software is Ti Interactive:

URL: fxp://ftp.ti.com/pub/graph-ti/sw-apps/interactive/tiitrial.exe

It is packed with softlocx 5/trialwrap 5.1

If i follow kagra tutorial, everything is fine, and i succesfully unpack the file and restore import table.
When i run it, i see a splash screen for 1 second then the program vanishes and quits.

If i load it in olly it says Access violation when trying to write to....and after some while: Too Long(Recursive?) SEH Chain.

Can someone help me? Don't know where i'm wrong following the tutorial.

My OEP is 1BF5B
Reply With Quote
  #2  
Old 04-27-2005, 16:42
nikola nikola is offline
Friend
  
Join Date: Jan 2004
Location: Your head
Posts: 115
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 0
Thanks Rcvd at 1 Time in 1 Post
nikola Reputation: 0
You can try to get to OEP in packed file and then put BP on access on packers sections. Its possible that program checks for registration or for exe validity by calling packers API. This way you can find where its calling that API from and nop it or jump over it or whatever is needed.
Reply With Quote
  #3  
Old 04-28-2005, 01:02
TmC TmC is offline
VIP
  
Join Date: Aug 2004
Posts: 330
Rept. Given: 1
Rept. Rcvd 15 Times in 9 Posts
Thanks Given: 2
Thanks Rcvd at 23 Times in 17 Posts
TmC Reputation: 15
Afaik, Softlocx does not have program Apis or registration screens. The program is a limited trial without possibility of registration.

This problem should be related to new version of packer because:

Tried to Dump Softlocx v5: Oep 1000, Dump OK, IAT Rebuilt with deletion of invalid thunks, Exe RUNS

Tried to Dump Crunch v1.2: Oep 1000, Dump OK, IAT Rebuilt with deletion of invalid thunks, Exe RUNS

Tried to Dump Fusion v2: Oep 1000, Dump OK, IAT Rebuild with deletion of invalid thunks, Exe RUNS

Tried to Dump Digiwrap v2: Oep B27AC, Dump OK, IAT Rebuild without deletion of thunks(no invalid), EXE DOES NOT RUN (SAME AS TI)

Tried to Dump Ti Interactive: Oep 1BF5B, Dump OK, IAT Rebuild without deletion of thunks(no invalid), EXE DOES NOT RUN


So, as far as i can see, the executables that have OEP = 1000(no relocation of oep) and in which i have to delete invalid thunks of import table and fix it, DO RUN, Executables that have relocated OEP but perfect import table recovered by imprec, DO NOT RUN with those errors.

I think that the difference is that some are packed with Softlocx 5.0 and some others with TrialWrap 5.1, so there should be something that go wrong with unpacking this last.

I believe this but not sure. Attached is my unpacked that does not run.
Attached Files
File Type: rar Interactive_.rar (585.4 KB, 9 views)
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


All times are GMT +8. The time now is 18:26.

Aaron's homepage - Top

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( Since 1998 )