
Unpacking VBox 4.1

2006-07-03 20:25:58 Source: WEB开发网

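Unpacking VBox 4.1 is in fact much the same as unpacking VBox 4.0.3 as far as the entry point is concerned; it can be unpacked manually or with Procdump. An English article is attached here.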

You may have already heard of TR&TRW. It is a wonderful debugger provided by Liutaotao.
I couldn't say how much I like it. VBOXT410.DLL can't find TRW at all. I couldn't give you a patch for VBox. I can just tell you how VBox works.

First of all, install the VBox builder (you need to get a .prv file from their webserver, so connect to the internet for this and fill in the required form). Then choose a .EXE file to protect (you could also choose a .DLL or an .OCX, but choose an .EXE because it's better and easier for cracking purposes. I chose the Official phrozen crew trial crackme) and wrap it with VBox using the builder (now choose the Trial days protection).

Now the fun begins. As we can easily see, the whole VBox protection scheme consists of only one DLL, which is copied into your \WINDOWS\VBox\command directories. The name of our target DLL is VBOXT402.DLL. It is packed.

Step 1

Let's set the clock 30 days ahead. Now you can run CRACKME.EXE. When the VBox window appears, press CTRL-N to enter TRW. You can use 'hwnd' to find the VBox window's hwnd. It will be something like xxxx.

bpmsg xxxx wm_destroy - just like in SoftICE

g - come back to VBox

Press 'quit' button.

Now you are in TRW.

bc * - clear all breakpoints
