[britedream]

thanks ShaG for the improvement, much better!.

inlight of my post on this forum and the three steps I mentioned for unpacking asprotect , now this script
will demonstrate this fact by locating
the stolen bytes , to do that , do the following:

1-hide debugger

2- run this script below, and look for your
stolen.(some time you may need to add to
the stolen bytes the mov eax,xxxxxx), it is easy, I did clarify this some where in this forum) .[hint: F9 few times once script finshes, you will be at mov ebp,esp in programs that start: push ebp, mov ebp,esp]

3.- look for your oep as I noted in a thread in this forum.

note:
this script will work on most of the aspr. programs that have stolen bytes, in some it will not , so you need to trace once you are in the break point of the updated script "lastex", I will provide a script for such programs later on, if a need for it arises.

scripts tested on registry cleaner expert. (this script is only to demonstrate steps I posted for unpacking asprotect. I didn't put any effort in it , I just added few codes to lastex script).