Thread: Help with ASProtect 1.23 RC4
View Single Post
  #1  
Old 06-07-2004, 11:04
Perdition
 
Posts: n/a
Help with ASProtect 1.23 RC4
I thought I would try my hand at unpacking an ASProtect target (hxxp://oemailrecovery.com/downloads/AddressBookRecovery.exe), but I can't get it to work. I used R@dier's excellent tutorial as a basis and managed to locate what seems to be the stolen bytes but not entirely sure exactly which are the stolen ones.

I got to this point at line 5618 in the trace window :

PUSH EBP
MOV EBP,ESP
SUB ESP,10
JMP SHORT 00ACE8AE
XOR WORD PTR DS:[ACE8B8],2A2
JMP SHORT 00ACE8BA
XOR WORD PTR DS:[ACE8C4],3EEE
JMP SHORT 00ACE8C7
PUSH DS
PUSH 2847F208
MOV DWORD PTR SS:[ESP+4],ECX

...

Is this the correct place and if so which are the stolen bytes?

I figured the OEP to be 575DFF but this may also be incorrect.

Any help would be much appreciated
Reply With Quote