n00b
April 20th, 2005, 01:59
hello ,
how to know if the PE is making a "CRC Check" ?
and How to defeat that?
how to know if the PE is making a "CRC Check" ?
and How to defeat that?
View Full Version : CRC Check
JMI
April 20th, 2005, 02:28
n00b:
Did you actually read that part in the FAQ which says you are supposed to SEARCH for the answers to your question BEFORE you ask a question. This is such a basic subject, you should have found alot of information by searching both here and on the net for the subject of CRC checks, how they work, and how they might be defeated.
Try searching on the net for "CRC Checks" (without the quotes) and for things like "defeat + CRC Checks" (again with no quotes). Then try with other combinations of words. You should also try using the SEARCH function at the top of the Forums to search here for information.
Generally, you should suspect that there is something like a CRC check when you change anything in the program and it puts up an error message indicating that there is a CRC error. But that's just a general statement.
Now go do some of your own homework and come back with a more focused question which shows you have been trying to help yourself.
Regards,
Did you actually read that part in the FAQ which says you are supposed to SEARCH for the answers to your question BEFORE you ask a question. This is such a basic subject, you should have found alot of information by searching both here and on the net for the subject of CRC checks, how they work, and how they might be defeated.
Try searching on the net for "CRC Checks" (without the quotes) and for things like "defeat + CRC Checks" (again with no quotes). Then try with other combinations of words. You should also try using the SEARCH function at the top of the Forums to search here for information.
Generally, you should suspect that there is something like a CRC check when you change anything in the program and it puts up an error message indicating that there is a CRC error. But that's just a general statement.
Now go do some of your own homework and come back with a more focused question which shows you have been trying to help yourself.
Regards,
n00b
April 20th, 2005, 10:02
i have a file packed with telock 0.98 , i unpacked it using UNtelock 0.98+
i can see the source now , but the file Doesnt RUN now!
why? , from googlin i found that there maybe a "CRC CHeck".
i read many tut`s that dealin with " CRC check ".
but those tut`s were defeatin error msg`s like "file has been modified...."
my problem differs , ( the file DOESNT RUN ).
i think when i unpacked the file an error occured for the PE
is there a tool to verify the PE?
how to know if it was a PE error or a CRC Check?
thx,.
i can see the source now , but the file Doesnt RUN now!
why? , from googlin i found that there maybe a "CRC CHeck".
i read many tut`s that dealin with " CRC check ".
but those tut`s were defeatin error msg`s like "file has been modified...."
my problem differs , ( the file DOESNT RUN ).
i think when i unpacked the file an error occured for the PE
is there a tool to verify the PE?
how to know if it was a PE error or a CRC Check?
thx,.
dELTA
April 21st, 2005, 01:57
You must debug the program yourself so see if it has such a check. Search this forum, and you'll find many specific techniques to do it.
JMI
April 21st, 2005, 02:06
Searching? Who'd a thought of Searching. 
Regards,
Regards,
JohnWho
April 21st, 2005, 03:11
Here's some of the more common API's used for CRC checks!
ReadFile
CreateFile
CreateFileMapping
MapViewOfFile
OpenFileMapping
UnmapViewOfFile
CloseHandle
But tracing from EP usually gives you an idea of whats going on, then compare with a trace in packed file!
ReadFile
CreateFile
CreateFileMapping
MapViewOfFile
OpenFileMapping
UnmapViewOfFile
CloseHandle
But tracing from EP usually gives you an idea of whats going on, then compare with a trace in packed file!
naides
April 21st, 2005, 06:36
The file does not run. . . umhh!
1. The unpacker does not work for this file? Remember that unpackers are handcrafted tools that cannot garantee will work in every instance.
2. Perhaps The file knows it was unpacked. Either by a CRC check or by other device.
You need to disassemble the unpacked, trace the packed and the unpacked with a debugger, look why and how your file quits: does it load, then do a check, then quits?
or when it loads a dll, the dll is the one that does the checking and then quits?
What do you mean when you say 'it does not run': a page violation exception? a silent but clean quit? a complete system fuckup?
Disassemble and debug, which is the hard, long, interesting, challenging , ilegal and expensive way,
Or buy the program, what is quick and cheaper. Believe me, ther are few other options.
1. The unpacker does not work for this file? Remember that unpackers are handcrafted tools that cannot garantee will work in every instance.
2. Perhaps The file knows it was unpacked. Either by a CRC check or by other device.
You need to disassemble the unpacked, trace the packed and the unpacked with a debugger, look why and how your file quits: does it load, then do a check, then quits?
or when it loads a dll, the dll is the one that does the checking and then quits?
What do you mean when you say 'it does not run': a page violation exception? a silent but clean quit? a complete system fuckup?
Disassemble and debug, which is the hard, long, interesting, challenging , ilegal and expensive way,
Or buy the program, what is quick and cheaper. Believe me, ther are few other options.
Powered by vBulletin® Version 4.2.2 Copyright © 2018 vBulletin Solutions, Inc. All rights reserved.