RecoverEXE 2.0 Full Version

Source: Internet | Editor: 程序博客网 | Time: 2024/06/05 06:10

FROM: http://www.reaonline.net

by: kienmanowar

Translated to English:

RecoverEXE, or restoring files damaged by a virus (one method of restoring a file)!


Introduction
I will say it right away. In the program's long lifetime, nobody was found willing to buy it, even at the very low price of 2 u.e. So there is no sense in continuing the Demo version of the program. So download the Full version free of charge! But on one condition! You must write to me by mail (nifrit2005@mail.ru) or in the guest book on the site http://udman.nm.ru everything that you think about the program and about the file restoration procedure described below. Of course, if you do not write, I will not be offended either. But I think I at least deserve to hear a few good (or maybe bad) words about my creation.

What is needed?
- OllyDbg v1.10, or a higher or lower version (I simply have version 1.10)
- straight hands :)

We have
SiMoCoSetup213.exe and the error "The installer you are trying to use is corrupted..." NSIS Error, and so on and so forth.

Let us begin
Let us define things first. We start the file and it reports an error saying "the file you are going to use is damaged..." and so forth. What do we need first of all? We need to launch OllyDbg and look inside the file to see how this error can be removed. For those who do not know why OllyDbg is needed: OllyDbg is a debugger, which programmers and hackers use for breaking programs. But why is a debugger needed? To correct all possible errors in programs, to change something in programs, in general to dig around inside programs.

And so. Open OllyDbg and press F3 or File -> Open to open the damaged file in OllyDbg. Open the file we need (in my case SiMoCoSetup213.exe, since it is exactly the one that gives the error on start). If any questions appear, answer "No". And so, it is open. A small window appears in front of you. It is best to maximize it for convenience if it is shrunk into a window. I think there is no need to explain how to maximize it. If you do not know how to maximize a window, you need not read further!

A collection of incomprehensible numbers and letters is now in front of you. Do not be frightened, there is nothing complex here. Now we have a choice: either search for what creates this error (which is very hard, if possible at all), or find the message and remove it.
Brief theory. The error you get on starting the program appears because the program's code was changed; the program is trying to warn you that "the program code has been changed, it may be infected by a virus". A virus, in turn, works like this: it writes its harmful code into various programs, and that code runs when those programs are started. That is why this feature was made: if the file was damaged by a virus, you are told about it. To remove this protection, of sorts, you need to understand how it works. The protection works as follows:
The number of those letters and numbers that you see in the window is counted and written to a specific place in the program. Suppose 1000 symbols were counted. That number was written somewhere in the program (this procedure, by the way, is done only once, when the program itself is created). Then, on each start of the program, we check whether the previously recorded number coincides with the current one.
If there were 1000 and 1000 remain, then all is OK and the program can continue working. (1000 = 1000 = Yes)
If there were 1000 and there are now 1056, for example, then the program was changed somehow; we show the error and exit the program. (1000 = 1056 = No)
I have explained this to you figuratively. For those who are interested in how this works, search the Internet for "CRC".
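
The check described in the brief theory above, as an added example that is not part of the original article: a toy file layout (an assumption, not NSIS's real format) stores the payload length and CRC-32 once at build time and re-checks both on every start. The constructed samples cover the 1000 to 1056 case from the text, a same-size change that only the CRC catches, and a rewritten file whose stored values were recomputed.

```python
import struct
import zlib

# Toy layout (assumption for this example): 4-byte length, 4-byte CRC-32, payload.
HEADER = struct.Struct("<II")


def seal(payload: bytes) -> bytes:
    """Done once, when the program is created: record length and CRC-32."""
    return HEADER.pack(len(payload), zlib.crc32(payload)) + payload


def check(image: bytes) -> str:
    """Done on every start: compare the recorded values with the current ones."""
    if len(image) < HEADER.size:
        return "truncated"
    length, crc = HEADER.unpack_from(image)
    payload = image[HEADER.size:]
    if len(payload) != length:
        return "size changed"      # e.g. recorded 1000, now 1056
    if zlib.crc32(payload) != crc:
        return "crc mismatch"      # same size, different content
    return "ok"


def demo() -> dict:
    payload = bytes(range(250)) * 4            # constructed 1000-byte payload
    original = seal(payload)
    appended = original + b"\xCC" * 56         # constructed: 56 bytes added at the end
    flipped = bytearray(original)
    flipped[HEADER.size + 10] ^= 0x01          # constructed: one bit changed in place
    resealed = seal(payload + b"\xCC" * 56)    # changed file with recomputed header
    return {
        "original": check(original),
        "appended": check(appended),
        "flipped": check(bytes(flipped)),
        "resealed": check(resealed),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:9s} {verdict}")
```

The `resealed` case shows the limit of this kind of check: CRC-32 is not keyed, so whoever rewrites the file can also rewrite the stored values, which is why a publisher's signature or published cryptographic hash is the stronger test of a download.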
Now let us find where in the program these numbers are checked and where this error comes from, and make everything work the other way around. For example, let us make it like this:
If the program is damaged and its code was changed, we start the program and work.
If the program was not changed, then we show the error and close the program (or let us make it so that it checks nothing at all).

To do this, right-click on the program code, which is located near the left corner. A menu will appear. Point to "Search for" and click "All referenced text strings". See the figure below.



What did we just do? We searched for all text strings and so forth in the program. Since we are shown a message, and this message is text, we searched for it.
Now maximize the window again for convenience. Before you is a large list of strings. Among them we need to find the line "The installer you are trying to use is corrupted..." and so forth; if I am not mistaken, there is only one. Double-click it and you will return to the program code, only in an entirely different place. Now look just below (where I underlined with a yellow line). The error will be written there, along with the addresses from which this error is called (Jump from...). If it is not there, press the Up key several times until you see something similar.



This error can also be seen in the program code. Now right-click on the error line in the program code (not the one I underlined, but the one above it). In general, right-click on the program code to open the menu. Choose "Find references to" and "Selected command", or simply press Ctrl+R. A window should appear with those same addresses from which the error is called. Now right-click in that window. A menu appears. In it, choose "Set breakpoint on every command". This sets a breakpoint that stops execution of the program on reaching one of these addresses. We need this to see from exactly which address the error is called (there is more than one), so we need to trace exactly what causes it. Now you can close the window with the addresses, maximize the code window and the other stuff, and press F9 (press once!!! Do not press and hold). We wait.... The program is executing. It may run quickly or slowly (depending on the computer). If the program stopped and you are no longer in the place where you were, look down, exactly where I underlined with the yellow line. If something like this appears:
Jump is NOT taken.....
then press F9 again. Keep pressing until something like this appears:
Jump is taken.....
This is exactly what we need!!!!
This means that the jump to the error will happen exactly here. In the program code I stopped at this line, but for everyone the lines may be different:
00403C43 75 30 jnz SHORT 00403C75
Now I will describe it a little.
00403C43 - this is the address of the current line
75 30 - this is the HEX code of the command
JNZ SHORT 00403C75 - this is the Assembler code
We are interested in the Assembler code. What does this line mean? It means that the jump to the address of the error happens here. A comparison takes place slightly above.
Now I will roughly explain what JNZ is. It is something like "if there is an error, jump to the error message; if not, go on (execute the program)".
We need to do everything the other way around. To do this, double-click this line (JNZ SHORT 00403C75) and replace JNZ with JE or JMP. Similarly, if you have JE, replace it with JNZ or JMP and press OK. Now you see that the program code has been replaced with what you wrote. You can click the changed line and below you will now see Jump is NOT taken..... instead of Jump is taken..... This means that the jump to the error will not happen! Now right-click the program code to open the menu, point to "Copy to executable" and choose "All modifications". In the window that appears, click "Copy all".
A new window with the code should appear. Right-click this code again and select "Save file". The save-file dialog appears; write the file name in it. The name just has to differ from what it was. That is all. I think everyone understood what to do and how. If not, write to ICQ 304464555. Only before that, go to the site mobi.ua or sms.net.ua and send me an SMS to my phone so that I log in to ICQ. Operator Mobi. Number 380687045572.
