|
|
#3
05-24-2005, 19:38
|
||||
|
||||
|
Hi jonwil:
First, take a look at the following thread: ActiveM***, in http://www.exetools.com/forum/showthread.php?t=7013 maybe there you will get a clue. Could you tell us which is the program you are dealing with? I have totally rebuilded and working "Chuzzle Puzzle", that has the same AM version 5.41.1210. I am hard testing an already developed generic unpacker but not yet published, because sometimes the program rebuilded, even working well, ask for the CD. And another times, rebuilded program says things like: "You need Shockwave Player 8.5 installed in your PC". I want a totally free of errors unpacker, giving always a working program, before publishing it. The OEP, as I said in a post in the above thread, when edited in an hex editor, is below the string '_com_err': is the first value you find in that column that is bigger than the position of the first section and smaller than the position of first section plus the size of first section. In your rebuilded program, you still need to fix all the call's and mov than uses redirections to AM functions. AM picks fetch to functions of some DLL and rewrite them to call to AM functions, that are controlling the trial time, the registration of the program, and so on. All of them all always preceeded by a nop. Good luck in your research! Cheers from Spain!  Nacho_dj 
|
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Does Trymedia Activemark do encrypted data files? | jonwil | General Discussion | 3 | 05-26-2005 19:13 |
| Trymedia's ActiveMark Protection?!?! | Seventh | General Discussion | 7 | 10-25-2004 14:36 |
Threaded Mode