VBox 4.3 unwrapping problem


Xybyre
May 11th, 2001, 17:16
I installed MicroEdge's Visual SlickEdit 6.0a. It's protected with VBox 4.3 (I think). I followed +Tsehp's VBox 4.3 tutorial, but the execution path doesn't follow the same path!

The tutorial shows execution going to here:
015F:011604E0 MOV EDX,[EBP-08]
015F:011604E3 MOV EAX,[EDX+14] <-- get app entry point
015F:011604E6 MOV [EBP-10],EAX
015F:011604E9 MOV EBX,[EBP-10] <-- app entry point to EBX
015F:011604EC JMP EBX <-- jump to real entry point


But this target doesn't go there. The function with the above code is entered, but there is a jump before it gets to the 'JMP EBX' that goes to the end of the function.

Everything else in the tutorial matched what I saw, up to that point. Did I do something wrong, or is this target special? I put a 'bpm x' on the 'JMP EBX' line, but that line never gets executed.

I've gotten the same results with win2k and winme. I used Soft-ICE on win2k and TRW2000 on winme.

Xybyre
May 14th, 2001, 10:04
I downloaded PerlBuilder, which also uses VBox 4.3. With PerlBuilder, everything goes exactly as explained in the tutorial. So the VBox protection is somehow different with SlickEdit...

JohnBlbec
December 20th, 2001, 05:41
* sorry for my poor English *

...but I thought MicroEdge was using FlexLM v6.1a. BTW I'm trying to crack Visual SlickEdit 6.0c and for the present I'm unsuccessful ;o( The installation key for v6.0 is not working with v6.0c...

Solomon
December 20th, 2001, 05:46
Hello Xybyre,

Visual SlickEdit v6.0c is protected by VBOX 4.5.
vsapi.dll is packed. I have not succeeded yet. I can't find the OEP of this DLL.

I wonder what I should pay special attention to when unpacking a DLL. Import table? Export table? Or relocation table?