[TmC]

Hi all, i'm trying to unpack Advanced Office Password Recovery, by Elcomsoft, at the time i'm writing, v3.03 and protected with(PEiD says ASProtect v1.2x (New Strain) *).

I downloaded as much as tutorials i could and looked for all unpackers and searched for all olly scripts but everything doesn't work.

Following some tutorials by Ferrari i read:

Load the program in Olly and you'll be here:

00401000 > 68 01505200 PUSH aopr.00525001<---------- You are initially here
00401005 |. E8 01000000 CALL aopr.0040100B
0040100A \. C3 RETN
0040100B $ C3 RETN

-> OK

Shift+F9 and program will throw an access violation:

Access violation when writing to [00000000] - use Shift+F7/F8/F9 to pass exception to program

-> OK

Ctrl+B and put : 8B 17 89 02 EB

-> STOP: The search reports that item is not found

FROM HERE I DON'T KNOW HOW TO GO ON.

Can someone help me? I'm a bit puzzled...


UPDATE:

Very strange, but with stripper 2.11rc2 i managed to have a running program.
The code is terribly mangled, entry point of the program can be found no more
nor the false one neither the real one. WinDasm crashes. It cannot be dumped again and iat cannot be found, although i managed to have one clean one.
I managed to patch the registration dialogue with breakpoint on GetDialogItem, but now i need to crack the initial check, to make it view registered.
I try to break on RegOpenKey, RegQueryValue but nothing relevant happens. seems that the key where the key should be stored is never opened. I know for sure that registration keys are handled internally and are not ASPR keys.

Someone has suggestions for me?

In attach unpacked and IAT.