SF Editor 2002

amois

Published by +Tsehp September 2001

Program Url: www.strucsoft.com
Program Type: Engineering

Tools:

SoftICE, IceDump, PEditor

Beginner (x)  Intermediate (x)  Advanced ( )  Pro ( )

Start

With this program we can fill in the standard forms SF254 and SF255, which are used in international projects.

Reversing

It's protected by Crypkey and comes with a 14-day trial.
[bpx GetProcAddress] --> [F5] --> SoftICE
We trace with [F10], looking for the OEP. [wc] --> code window is off --> [F10]

016F:00639664 PUSH 00638E3B                         <-- landed here
016F:00639669 PUSH ESI
016F:0063966A CALL KERNEL32!GetProcAddress
016F:0063966F MOV [00638E37],EAX
016F:00639674 PUSH 00638E50
016F:00639679 PUSH ESI
...
016F:006395F0 CALL KERNEL32!GetProcAddress
016F:006395F5 CMP EAX,00
016F:006395F8 JZ 00639630 
016F:006395FA PUSH DWORD PTR [00638E16]
016F:00639600 PUSH DWORD PTR [00638A72]
016F:00639606 PUSH 00637000
016F:0063960B PUSH DWORD PTR [00638A76]
016F:00639611 CALL EAX
016F:00639613 JMP [00637000]
016F:00405B7C PUSH 00405E8C                         <-- OEP
016F:00405B81 CALL 00405B76

As you can see, at 639613 the program jumps back with a JMP. This means Crypkey checked the 14-day trial and found no problem. If the trial period has already expired, we never reach 639611.

[\dump 400000 23958A c:\dump.exe]. (Image Base=400000 and Image Size=23958A)
PEditor --> dump.exe --> Entry Point --> 405B7C-400000 = 5B7C.

Sections --> First section --> dumpfix --> that's all.

This method should work on all Crypkey-protected programs (at least up to Crypkey 5.0.161).

When we try to run dump.exe, we get an error about a missing DLL file. I think this is an Import Table problem. We will use Revirgin to fix it.

Original program --> Revirgin --> Procedure --> Sfeditor.exe.

OEP --> 405B7C --> Fetch IAT --> IAT Resolver --> Revirgin wants dumped.exe --> please select

--> Resolve again --> Show unresolved --> Everything is OK. (IT RVA 23958A and IT Length 40)
--> IT Generator --> Revirgin v1.11 build 18 added a .tsehp section and automatically updated IT RVA and IT Length. Now dump.exe runs without the Crypkey protection.
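As an added illustration (not part of the original tutorial), a small Python PE32 header reader that shows why the raw dump would not load and what the IT Generator step changed: the entry point must be stored as an RVA (405B7C - 400000 = 5B7C), and the import table RVA/length must fall inside a section and inside SizeOfImage. The headers are constructed in memory with only the fields needed; the section names and the aligned addresses used for the demo are assumptions, and no real binary is read.

```python
import struct

OPT_FMT = "<H14xI8xI24xI"   # PE32 optional header: Magic@0, AddressOfEntryPoint@16, ImageBase@28, SizeOfImage@56
IMPORT_DIR = 96 + 8 * 1     # data directories start at offset 96; the import table is directory index 1

def parse_pe(data):
    """Header fields a dump checker needs from a PE32 image (headers only; no code bytes are read)."""
    pe = struct.unpack_from("<I", data, 0x3C)[0]                          # e_lfanew
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    _, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe + 4)  # COFF file header
    opt = pe + 24
    magic, entry, image_base, size_of_image = struct.unpack_from(OPT_FMT, data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 is handled here")
    imp_rva, imp_size = struct.unpack_from("<II", data, opt + IMPORT_DIR)
    # 40-byte section headers follow the optional header: Name, VirtualSize, VirtualAddress, ...
    sections = [struct.unpack_from("<8sII", data, opt + opt_size + 40 * i) for i in range(nsec)]
    return {"image_base": image_base, "entry_rva": entry, "size_of_image": size_of_image,
            "import_rva": imp_rva, "import_size": imp_size, "sections": sections}

def section_for_rva(info, rva):
    """Name of the section covering rva, or None when no section does."""
    for name, vsize, va in info["sections"]:
        if va <= rva < va + vsize:
            return name.rstrip(b"\0").decode("ascii", "replace")
    return None

def check_dump(info):
    """Why a raw dump fails to load: entry point and import table must lie in a section and in SizeOfImage."""
    problems = []
    if section_for_rva(info, info["entry_rva"]) is None:
        problems.append("entry point RVA outside all sections")
    if section_for_rva(info, info["import_rva"]) is None:
        problems.append("import table RVA outside all sections")
    if info["import_rva"] + info["import_size"] > info["size_of_image"]:
        problems.append("import table extends past SizeOfImage")
    return problems

def build_header(image_base, entry_va, size_of_image, imp_rva, imp_size, sections):
    """Constructed PE32 header (no code) that parse_pe accepts; sections = [(name, va, vsize)]."""
    pe, opt, opt_len = 0x40, 0x40 + 24, 0xE0
    buf = bytearray(opt + opt_len + 40 * len(sections))
    struct.pack_into("<2s58xI", buf, 0, b"MZ", pe)                        # DOS header with e_lfanew
    struct.pack_into("<4sHHIIIHH", buf, pe, b"PE\0\0", 0x14C, len(sections), 0, 0, 0, opt_len, 0)
    struct.pack_into(OPT_FMT, buf, opt, 0x10B, entry_va - image_base, image_base, size_of_image)
    struct.pack_into("<II", buf, opt + IMPORT_DIR, imp_rva, imp_size)
    for i, (name, va, vsize) in enumerate(sections):
        struct.pack_into("<8sII", buf, opt + opt_len + 40 * i, name.encode(), vsize, va)
    return bytes(buf)
```

Feeding the dump's values (ImageBase 400000, OEP 405B7C, IT RVA 23958A, length 40, SizeOfImage 23958A) to check_dump reports the import table outside every section and past SizeOfImage; adding a section that covers the IT and enlarging SizeOfImage, as the IT Generator did, clears both findings.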


Last words

If you are earning money by means of software, please buy this software.