Thread: where's the error in this asprotect-target?
View Single Post
  #34  
Old 01-01-2004, 02:14
MaRKuS-DJM's Avatar
MaRKuS-DJM MaRKuS-DJM is offline
Cracker + Unpacker
  
Join Date: Aug 2003
Location: Virtual World / Network
Posts: 553
Rept. Given: 7
Rept. Rcvd 6 Times in 4 Posts
Thanks Given: 3
Thanks Rcvd at 16 Times in 10 Posts
MaRKuS-DJM Reputation: 6
ok, zlatko, i came to the following with your program.

your IAT is correct. now the parts to edit:

0056901C 55 PUSH EBP
0056901D 8BEC MOV EBP,ESP
0056901F 83C4 F0 ADD ESP,-10
00569022 B8 848B5600 MOV EAX,MsDataGe.00568B84
00569027 E8 00DFE9FF CALL MsDataGe.00406F2C
0056902C A1 B4C65600 MOV EAX,DWORD PTR DS:[56C6B4]
00569031 8B00 MOV EAX,DWORD PTR DS:[EAX]
00569033 E8 C0B2EFFF CALL MsDataGe.004642F8
00569038 FF15 E8C15600 CALL DWORD PTR DS:[56C1E8]
0056903E A1 B4C65600 MOV EAX,DWORD PTR DS:[56C6B4]
00569043 8B00 MOV EAX,DWORD PTR DS:[EAX]
00569045 E8 46B3EFFF CALL MsDataGe.00464390
0056904A E8 05B6E9FF CALL MsDataGe.00404654

Edit to:

0056901C > $ 55 PUSH EBP
0056901D . 8BEC MOV EBP,ESP
0056901F . 83C4 F0 ADD ESP,-10
00569022 . B8 848B5600 MOV EAX,dumped_.00568B84
00569027 . E8 00DFE9FF CALL dumped_.00406F2C
0056902C . A1 B4C65600 MOV EAX,DWORD PTR DS:[56C6B4]
00569031 . 8B00 MOV EAX,DWORD PTR DS:[EAX]
00569033 . E8 C0B2EFFF CALL dumped_.004642F8
00569038 . E8 8FFAFFFF CALL dumped_.00568ACC
0056903D . 90 NOP
0056903E . A1 B4C65600 MOV EAX,DWORD PTR DS:[56C6B4]
00569043 . 8B00 MOV EAX,DWORD PTR DS:[EAX]
00569045 . E8 46B3EFFF CALL dumped_.00464390
0056904A . E8 05B6E9FF CALL dumped_.00404654

and this:

00568AD4 68 378B5600 PUSH MsDataGe.00568B37
00568AD9 64:FF30 PUSH DWORD PTR FS:[EAX]
00568ADC 64:8920 MOV DWORD PTR FS:[EAX],ESP
00568ADF A1 5CE25600 MOV EAX,DWORD PTR DS:[56E25C]
00568AE4 50 PUSH EAX
00568AE5 E8 B6FFFFFF CALL MsDataGe.00568AA0
00568AEA 8D55 FC LEA EDX,DWORD PTR SS:[EBP-4]
00568AED A1 5CE25600 MOV EAX,DWORD PTR DS:[56E25C]
00568AF2 E8 7D13EAFF CALL MsDataGe.00409E74
00568AF7 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
00568AFA A1 30C65600 MOV EAX,DWORD PTR DS:[56C630]
00568AFF E8 94BCE9FF CALL MsDataGe.00404798
00568B04 A1 30C65600 MOV EAX,DWORD PTR DS:[56C630]
00568B09 8B00 MOV EAX,DWORD PTR DS:[EAX]
00568B0B E8 FCBEE9FF CALL MsDataGe.00404A0C
00568B10 85C0 TEST EAX,EAX
00568B12 7E 08 JLE SHORT MsDataGe.00568B1C
00568B14 A1 44C35600 MOV EAX,DWORD PTR DS:[56C344]
00568B19 C600 01 MOV BYTE PTR DS:[EAX],1
00568B1C E8 4BFFFFFF CALL MsDataGe.00568A6C
00568B21 33C0 XOR EAX,EAX

to:

00568AD4 |. 68 378B5600 PUSH dumped_.00568B37
00568AD9 |. 64:FF30 PUSH DWORD PTR FS:[EAX]
00568ADC |. 64:8920 MOV DWORD PTR FS:[EAX],ESP
00568ADF 90 NOP
00568AE0 90 NOP
00568AE1 90 NOP
00568AE2 90 NOP
00568AE3 90 NOP
00568AE4 |. 50 PUSH EAX ; /Arg1 => 00C23405
00568AE5 |. E8 B6FFFFFF CALL dumped_.00568AA0 ; \dumped_.00568AA0
00568AEA |. 8D55 FC LEA EDX,DWORD PTR SS:[EBP-4]
00568AED |. A1 5CE25600 MOV EAX,DWORD PTR DS:[56E25C]
00568AF2 |. E8 7D13EAFF CALL dumped_.00409E74
00568AF7 |. 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
00568AFA |. A1 30C65600 MOV EAX,DWORD PTR DS:[56C630]
00568AFF |. E8 94BCE9FF CALL dumped_.00404798
00568B04 |. A1 30C65600 MOV EAX,DWORD PTR DS:[56C630]
00568B09 |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
00568B0B |. E8 FCBEE9FF CALL dumped_.00404A0C
00568B10 |. 85C0 TEST EAX,EAX
00568B12 |. 7E 08 JLE SHORT dumped_.00568B1C
00568B14 |. A1 44C35600 MOV EAX,DWORD PTR DS:[56C344]
00568B19 |. C600 01 MOV BYTE PTR DS:[EAX],1
00568B1C |> E8 4BFFFFFF CALL dumped_.00568A6C
00568B21 |. 33C0 XOR EAX,EAX
Reply With Quote