Problem with ASProtect 1.2x-1.3x
Hi to all,
Well, I load the app in PEiD and it says ASProtect 1.2x-1.3x [registered],
go to the last exception, bp on memory access, and I land here:
00406A2C -FF25 C0D24F00 JMP DWORD PTR DS:[4FD2C0] ; kernel32.GetModuleHandleA
00406A32 8BC0 MOV EAX,EAX
00406A34 -FF25 BCD24F00 JMP DWORD PTR DS:[4FD2BC] ; kernel32.LocalAlloc
00406A3A 8BC0 MOV EAX,EAX
00406A3C -FF25 B8D24F00 JMP DWORD PTR DS:[4FD2B8] ; kernel32.TlsGetValue
00406A42 8BC0 MOV EAX,EAX
00406A44 -FF25 B4D24F00 JMP DWORD PTR DS:[4FD2B4] ; kernel32.TlsSetValue
Now the interesting thing is that ImpREC resolves all functions except GetProcAddress, so I dump the app here at 00406A2C, fix the dump, and the program won't run; it always goes to kernel32.ExitThread.
Now, this is not the real OEP, so I think the app may use stolen bytes or stolen code techniques. Has anyone experienced this problem? Any suggestions?