Lomex
2010-05-09, 12:37 AM
Hi folks,
I have here a Hasp HL protected software which gives me that famous error:
"Error 1031: Envelope unknown error"
Its because the file is enveloped and I need to extract the Q/A Tables from it.
There is a How to available from Git, but for me its not easy to follow.
1) Run program.
2)When Envelope Error occurs, Dump program with debugger or PE tool, then quit program.
3) Search dump with hex editor for GetTickCount. Make sure you have instance which is not next to all other import names. If in doubt, take successful Answer from Logger and search for that in dump. Then search back until you find GetTickCount.
4) Save 4096 bytes from start of block to file block1.bin. Block starts N bytes after GetTickCount (N=14 ??)
5) Convert block1.bin to Registry format with Bin2DTable.
6) Incorporate new Q/A pairs from (5) into your Reg file, enter Reg file into Registry and restart the emulator.
7) Run program. If Envelope Error occurs, GOTO (2). Repeat for theoretical maximum total of 5 times.
8) If you still have Envelope Error you made a mistake so GOTO (1) and repeat whole procedure.
9) Now you have fixed the Envelope. If you are lucky and the programmer was lazy then your program will run. If the programmer was smart you will have many more Q/A pairs to retrieve. Just keep running the program with a Logger running and explorer all of the programs features. Add the Q/A pairs from the Log to the registry and repeatedly GOTO (9) until emulator works 100%
My problem starts at Position number 4. How many bytes after the GetTickCount I have to start N=14 or 8 ??.
Then how to mark and save exactly 4096 bytes inside a Hex Editor? Need some pictures or a small tut video.
Maybe someone could help me with this.
TIA
Lomex
I have here a Hasp HL protected software which gives me that famous error:
"Error 1031: Envelope unknown error"
Its because the file is enveloped and I need to extract the Q/A Tables from it.
There is a How to available from Git, but for me its not easy to follow.
1) Run program.
2)When Envelope Error occurs, Dump program with debugger or PE tool, then quit program.
3) Search dump with hex editor for GetTickCount. Make sure you have instance which is not next to all other import names. If in doubt, take successful Answer from Logger and search for that in dump. Then search back until you find GetTickCount.
4) Save 4096 bytes from start of block to file block1.bin. Block starts N bytes after GetTickCount (N=14 ??)
5) Convert block1.bin to Registry format with Bin2DTable.
6) Incorporate new Q/A pairs from (5) into your Reg file, enter Reg file into Registry and restart the emulator.
7) Run program. If Envelope Error occurs, GOTO (2). Repeat for theoretical maximum total of 5 times.
8) If you still have Envelope Error you made a mistake so GOTO (1) and repeat whole procedure.
9) Now you have fixed the Envelope. If you are lucky and the programmer was lazy then your program will run. If the programmer was smart you will have many more Q/A pairs to retrieve. Just keep running the program with a Logger running and explorer all of the programs features. Add the Q/A pairs from the Log to the registry and repeatedly GOTO (9) until emulator works 100%
My problem starts at Position number 4. How many bytes after the GetTickCount I have to start N=14 or 8 ??.
Then how to mark and save exactly 4096 bytes inside a Hex Editor? Need some pictures or a small tut video.
Maybe someone could help me with this.
TIA
Lomex