  #9  
10-30-2004, 17:33
britedream
Hi Nemda2k3!,
I just looked at your dump to see if you cleared the usual ASProtect antidump checks. There are some you didn't clear, such as the check of your entry point to see if it is still the protector entry point; if not, the target is unpacked, and it will give you a problem:

0047DFF3 8B35 18C75500 MOV ESI,DWORD PTR DS:[55C718]
0047DFF9 8B46 3C MOV EAX,DWORD PTR DS:[ESI+3C]
0047DFFC 8B4430 28 MOV EAX,DWORD PTR DS:[EAX+ESI+28]
0047E000 66:3D 0010 CMP AX,1000
0047E004 74 04 JE SHORT dumped_f.0047E00A

Here you can see it is loading the entry point from the target PE header and comparing it with the protector entry point [RVA].

Follow the return and you will also see the next call is not corrected, and so on.

britedream

Last edited by britedream; 10-30-2004 at 21:08.
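As an added example (not part of britedream's post and not code from the thread), here is the header read that the listing performs, written out in Python for an analyst who wants to reproduce the value being compared. It assumes DS:[55C718] holds the module's image base; the function names and the sample header are constructed for illustration.

```python
import struct

E_LFANEW_OFF = 0x3C   # IMAGE_DOS_HEADER.e_lfanew           -> MOV EAX,[ESI+3C]
ENTRY_RVA_OFF = 0x28  # AddressOfEntryPoint from "PE\0\0"   -> MOV EAX,[EAX+ESI+28]
# 0x28 = 4 (signature) + 20 (IMAGE_FILE_HEADER) + 0x10 (offset inside the optional header)


def entry_point_rva(image: bytes) -> int:
    """Return AddressOfEntryPoint from an in-memory PE header, with bounds checks."""
    if len(image) < E_LFANEW_OFF + 4 or image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", image, E_LFANEW_OFF)
    if e_lfanew + ENTRY_RVA_OFF + 4 > len(image):
        raise ValueError("e_lfanew points outside the buffer")
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (rva,) = struct.unpack_from("<I", image, e_lfanew + ENTRY_RVA_OFF)
    return rva


def check_passes(image: bytes, expected: int = 0x1000) -> bool:
    """Mirror CMP AX,1000 / JE: the compare is on AX, i.e. the low 16 bits of the RVA."""
    return (entry_point_rva(image) & 0xFFFF) == expected


def build_header(entry_rva: int, e_lfanew: int = 0x80) -> bytes:
    """Constructed minimal header (not a loadable file) to exercise the parser."""
    buf = bytearray(e_lfanew + 0x100)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, E_LFANEW_OFF, e_lfanew)
    buf[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    struct.pack_into("<I", buf, e_lfanew + ENTRY_RVA_OFF, entry_rva)
    return bytes(buf)


if __name__ == "__main__":
    # Both entry point values below are constructed sample inputs.
    for label, rva in [("header still has entry point 0x1000", 0x1000),
                       ("header entry point rewritten to 0x7D2F4", 0x7D2F4)]:
        img = build_header(rva)
        print(f"{label}: rva={entry_point_rva(img):#x} check_passes={check_passes(img)}")
```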