Exetools

Exetools (https://forum.exetools.com/index.php)
-   General Discussion (https://forum.exetools.com/forumdisplay.php?f=2)
-   -   What's this? (https://forum.exetools.com/showthread.php?t=3571)

Crk 03-04-2004 00:49
What's this?
 
playing with Resource Builder 2.1 (2.1.0.3)

Dump at fake OEP which is the common calls to Getmodulehandle
that Delphi app. uses

original OEP : 00613654

Stolen bytes: 558BEC83C4F8B89C2D6100

set new OEP to 00213654 with your favorite PE Editor then fill the 000000 with stolen bytes ...

now i can't find any entries to resolve IAT using latest Imprec ..
the plugins don't work neither

is this A new ASpr. tricks??

i think this is Aspr. 1.3 which uses some IAT protection

Any ideas/tips ??

Regards

ferrari 03-04-2004 01:59
i think the latest version is Resource Builder 2.1.0.2
can't get any search results for ur version in google. My download is in progress...lets see u may be right. but if i am correct then pal
have a look here

http://www.exetools.com/forum/showthread.php?s=&threadid=3397

Crk 03-04-2004 13:25
i just can't get any Imports using Imprec .. i even used the fake OEP PEid gaves me .. Imprec just founds and invalid thunk.

i don't have trouble with dumping or finding Stoled bytes . that job is done... you can confirm this if desire... does someone else have tried this latest Resource Builder???

fixing IAT manually could take LOnggggg time! however i don't even know why or how much time i wasted with this crapy app. since many functions are disable/encrypted and without key this is useless. :p

Regards

crusader 03-04-2004 15:44
When we say "manual" i think few ppl mean fixing import one by one... "manual" means not using ready made tools like Imprec...

if you know a bit about Import Table, a few small patches will make aspr rebuild the import table for you :)... and it will always work till Alexey redesigns his IAT mangling routine all together :)...

ferrari 03-04-2004 19:25
hi,
u are right the version is 2.1.0.3
The same version is discussed in the above link i gave u. I unpacked this program just now.Though i used satyricOn's IAT tree to fix the dump. I'l do it again myself.
But the problem is as u said that we need a key to enable all the functions. Though the unpacked program doesn't expire if i forward the clock.
I have another similar ASPR 1.3 protected target-->SIGuardian 1.71


All times are GMT +8. The time now is 11:23.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2026, vBulletin Solutions, Inc.
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX