Exetools

ASPR not full tut (https://forum.exetools.com/showthread.php?t=2441)

britedream 08-31-2003 22:47

1 Attachment(s)
To Satyric0n:
By no means am I more competent than you in any way; however, I did download the program, and with a few NOPs it is running. If you see the program starting, then it goes away, you are almost there. Just make sure that you NOP the call at 5735f7 from push ebx to pop ebx inclusively. Also make sure that your IAT is correct; ImportREC failed to detect FreeResource in this program. This is my IAT to compare to:

britedream 09-01-2003 01:05

To Satyric0n:
I just noticed that your OEP isn't correct, and your stolen bytes are missing one byte. Here is the working info:
oep=55 8B EC 83 C4 F0 53 B8 DC 4D 58 00

IAT is attached above.
Addresses to patch are almost the same, so start NOPing from: xor eax,eax to mov xxxxxx,edx
5789d9
5735eb ;check my post above
578a1a
578a5b
578a9c
57d8c3
57d904
The last is jnz:
578ae4 nop
----------------------------------------------------------
Thanks to Hotpepper, it is a nice program!

britedream 09-01-2003 03:40

To Hotpepper:
For you to practice, try the new Recordius 1.04; the protection is the same as above. It will take you no more than five min. Here is some info to help you:
oep=11f674
Iatrva=777230 size~900
Stolen bytes are the same as above, except the eax value.

good luck.

britedream

Satyric0n 09-01-2003 04:49

britedream,

I had the exact same IAT as you, so I guess I did at least that much correctly :p. But, you are absolutely correct on the OEP and stolen bytes; I missed the PUSH EBX, but at least had the correct distance between EBP and ESP...

I am reviewing the rest of the information you posted, of the addresses to patch. Thank you very much for looking into this :D, it is nice to see the solution to this after as much time as I spent trying to figure it out, unsuccessfully.

Satyric0n 09-01-2003 05:58

britedream,

I looked over the addresses you said to NOP, and NOPing those did work perfectly. But I have found a different solution that has considerably less NOPing, and appears to work correctly.

I agree with you on NOPing the procedure at 5735EC (PUSH EBX through POP EBX), but I think all the others you listed are unnecessary. Simply NOP the CALLs at 573782 and 57389B, and everything seems to work just fine.

Again, thanks for your help. I would not have found any solution, yours or mine, without your input.

britedream 09-01-2003 08:49

It may very well be; I did not test it, so NOPing some of those may prevent going to the others. I think I did try to NOP the 573782, but had some errors, so check it in the original program and see if it works.

Satyric0n 09-01-2003 11:45

NOPing 573782 definitely works as long as you also NOP 57389B. Doing one or the other but not both does not work properly, but NOPing both seems to work great.

I know I have thanked you already for your help, but thank you again :D. It made me very happy to finally get this working, after so much frustration at being unsuccessful. I spent a pathetically long time trying to get it to work, when I knew it had to be a simple solution, and in the end it was. But, I learned a lot (about SEH especially) from working on it. From what I learned from this, I was able to get Recordius 1.04 unpacked and working without even thinking about it, so it was worth it. Maybe one day I can return you the favor.

britedream 09-01-2003 15:34

My pleasure, and I am glad that my info was of any benefit to you.

regards

HotPepper 09-01-2003 21:51

Thanks to all of you for helping solve the problem.

Currently I am on a business trip out of my country. When I am back home, I will try that.

Thanks, again

HotPepper:p

PS: I believe DropToCD and Recordius are really nice programs. They are really small and have almost all the functionality that I want.

MaRKuS-DJM 09-02-2003 01:05

Does anyone know the OEP and stolen bytes of AnyDVD? Can't find it...

TIA

Satyric0n 09-02-2003 05:33

Quote:

Originally posted by MaRKuS-DJM
Does anyone know the OEP and stolen bytes of AnyDVD? Can't find it...

I got the following for AnyDVD 1.6.2.3:
OEP = 419CA4
stolen bytes = 55 B0 60 89 04 24 55
IAT RVA = 25000
IAT size = 2C8

The number of stolen bytes, IAT location, and IAT entries all seem very strange to me, so it is likely that this information is not 100% correct. It appears to work correctly, but I only tested the GUI, not the actual functionality. So, even if it's not totally correct, it's a good starting point.

GlObAl 09-02-2003 07:48

generic ways
 
Hello all,
Nice to read this thread, and btw good work LaBBa.
Unpacking is a good way to defeat Aspr, but for this kind of most-used protector I always try to get more generic solutions.
This is why I started ASload with NTSC.
If you use ASload on DropToCD or other ASProtected apps you will see what I mean.

hxxp://www.cstn.cjb.net/

My problem is that I don't have the time these days and I am a really bad and slow coder, if I can call myself so :~)
If anyone wants to help me or share some new tricks to handle the crypted part thing in Aspr, message me please...

Best regards.

HotPepper 09-05-2003 14:09

Hi Satyric0n, britedream,

Thanks again for the help with this kind of procedure.

For NOPing, I found a new and simple method.

Just 10 bytes... at 0058547B (5 bytes) and 00585564 (5 bytes); these are located some bytes after the OEP.

NOPing these 10 bytes also removes the Trial Message dialog box.

Thanks,

HotPepper

britedream 09-06-2003 00:33

Glad to see you tackling the program!

CRACKSARABICz 05-10-2004 05:07

Britedream
Thank you from the heart. Please message me so we can get acquainted and keep in touch.
Your brother,
Abu Abdullah
Saudi Arabia


All times are GMT +8.