Web : http://mxb.cjb.net



VBOX : Nightmare for crackers

Developed by : Preview System
Type : Packer


VBOX is really becoming a tough protection, and moreover they are
releasing VBOX Builder as freeware :(
In the new release VBOX also detects SICE and debuggers.
It is really easy to crack into a VBOXED application, but applying
a patch is really hard. In the fravia pages I have read a method to defeat
this packer by hooking API calls.


Is this the only method ???


How to defeat SICE detection :


I read this crack somewhere else and it works. First of all, run
the protected program in an IDE debugger with SICE not active.
The application will stop at INT 3 "User defined break point".
Now step over INT 3 and trace till we reach RET.

Now we are going to the place where VBOX placed this protection.


0x70049E7 JMP [EBP-04] ==> JUMP TO MAIN PROTECTION
0x70049EA XOR EAX,EAX ==> AFTER RET WE REACH HERE

Note down the address 0x70049E7.

Now activate SICE, i.e. boot your PC with SICE enabled.
Load the application into Symbol Loader and, in SICE:


BPM 0x70049E7


Now run the program; it will break at 0x70049E7.
Now jump to [EBP-04] and, when we are inside the protection code
[we will see INT 3 further down :)], raise an exception, i.e. fill the current
instruction with 00 00, i.e. change the opcode to 00 00. This way we raise
an exception, and the program will run safely.

The protection works like this: if SICE is present, INT 3 will be handled by
SICE, so VBOX knows SICE is present. If there is no SICE, the SMC, i.e.
Self-Modifying Code, will produce an exception and VBOX will know that there
is no SICE and it is safe to run :)
Note that this check is made twice: before the nag box and after the nag box.
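
The check described above, sketched as an added example (not VBOX's code and not from the original page): a POSIX analogue in C that raises SIGTRAP in place of the Windows INT 3 exception and tests whether the program's own handler received it. The function and variable names are hypothetical.

```c
#include <signal.h>
#include <stdio.h>

/* Set by our handler when the breakpoint trap reaches the program itself. */
static volatile sig_atomic_t trap_reached_program;

static void on_trap(int signo)
{
    (void)signo;
    trap_reached_program = 1;
}

/*
 * Returns 0 if the program's own handler saw the trap (nothing intercepted it),
 *         1 if the trap never arrived (a debugger consumed it, which is the
 *           condition the text says VBOX treats as "SICE is present"),
 *        -1 if the handler could not be installed.
 */
int breakpoint_trap_was_swallowed(void)
{
    void (*previous)(int) = signal(SIGTRAP, on_trap);
    if (previous == SIG_ERR)
        return -1;

    trap_reached_program = 0;
    raise(SIGTRAP);              /* stands in for the INT 3 in the text */
    signal(SIGTRAP, previous);   /* put the earlier disposition back */

    return trap_reached_program ? 0 : 1;
}

int main(void)
{
    /* The text notes the check runs twice: before and after the nag box. */
    int before = breakpoint_trap_was_swallowed();
    int after = breakpoint_trap_was_swallowed();

    printf("trap swallowed before: %d, after: %d\n", before, after);
    return (before == 0 && after == 0) ? 0 : 1;
}
```

Run normally, both checks return 0; under a debugger that stops on SIGTRAP without passing it on to the program, they return 1.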

How to crack into a VBOXED application :


After passing the SICE detection routine, in SICE: BPX DIALOGBOXPARAMA

Suppose that your trial has ended: then click on the 'Quit' button.

0x70025C3 CALL [DIALOGBOXPARAMA]
0x70025C9 MOV ESI,EAX ==> MAKE EIP = 0x70025DD i.e NEXT INSTRUCTION
0x70025CB CALL 0x700278B
........................
0x70025DD POP EDI ==> JUMP TO HERE AND PROGRAM WILL RUN
0x70025DE POP ESI
0x70025DF POP EBX
0x70025E0 RET