[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Sections in unpacked softSentry doesn't work on WinNT

To: exelist@yahoogroups.com
Subject: Sections in unpacked softSentry doesn't work on WinNT
From: mame user <mame2099my@...>
Date: Sun, 3 Nov 2002 17:42:34 -0800 (PST)

(skip 1st para. if not necessary...)
one of my buddy asked my to fix an executable which
can be downloaded from http://www.cmg.com/wds or
http://www.cmgwds.com/ . it is a professional tool and
costs thousand dollars ($40,000.00) if i'm not
mistaken. take a look at that stuff :) btw it is *not*
the only thing but it does come with full packages and
license for a cellular company (which my friend is in)
for a whole country broadcast. sounds good. but that
program, MMT which is available in three flavours OIS,
SMPP & UCP doesnt come all the way together, so if we
want to test it we have to pay for that whole dollars
again. but not that's the problem. my friend is making
tests so he needs all the modules (again, for him, not
the company he worked) but the program works only for
a mere 5 days! and can't be installed ever again on
that pc. what a useless piece of thing then... (note:
u have to register to download it at developers'
section)

so i take a look, and on the spot i know it's
softSentry 20/20. i never dealt with this stuff. so i
checked procdump if it's there and yes it is. said
that you have to remove 2020 section, garbage bla bla
.. ok. 1st attempt it crashes pd. i try again, user
conf. worked. luckily i did on win98 coz on xp and
athlon, pd will always crash (somebody please check
this for me). so i got the unpacked file. worked on 9x
and xp.

the problem is this: those garbage stuff. i fixed the
sections but not much app. is out there that can do
automatically to i have to calculate and do it by
hand. i knew some crackers out there just ignore these
even their cracked PE structure is illegal (especially
unpacked games .exe file) but i want it perfect. some
tools just make it worse (im not saying which is yet,
but its all avail. on http://protools.cjb.net look for
the PE rebuilder tools). so currently i end up with
two choices:

1. unmodified PE structure with 'null caves' all over
the body which is suprisingly legal on winnt. so 9x
and nt both runs it.

2. a smaller PE with restored sections (removed those
extra) but illegal under nt. executable only on 9x. to
make it work on my winxp, i packed it with UPX.
surprise! it runs on XP!

my question here is:
a. how to properly fix softSentry unpacked files?
(revirgin? i never tested since i dont like installing
apps. i use only no-install stuffs)
b. why does those 'illegal' file runs under NT when it
is packed?

p/s: PEVALID says the image section size is wrong. i
failed to work on it. weird thing is it advises to set
the PE header checksum to 0x0 which UPX did too, but
doesnt make sense i think. my problem is the body
sections, not the header. i look forward for a 
solution here if avail. TIA.


__________________________________________________
Do you Yahoo!?
HotJobs - Search new jobs daily now
http://hotjobs.yahoo.com/

Prev by Date: Re: [exelist] hide softice
Next by Date: Intel instruction set
Previous by thread: rscc_120.zip
Next by thread: Intel instruction set
Index(es):
- Date
- Thread