What's this?

playing with Resource Builder 2.1 (2.1.0.3)

Dump at fake OEP which is the common calls to Getmodulehandle
that Delphi app. uses

original OEP : 00613654

Stolen bytes: 558BEC83C4F8B89C2D6100

set new OEP to 00213654 with your favorite PE Editor then fill the 000000 with stolen bytes ...

now i can't find any entries to resolve IAT using latest Imprec ..
the plugins don't work neither

is this A new ASpr. tricks??

i think this is Aspr. 1.3 which uses some IAT protection

Any ideas/tips ??

Regards

i think the latest version is Resource Builder 2.1.0.2
can't get any search results for ur version in google. My download is in progress...lets see u may be right. but if i am correct then pal
have a look here

http://www.exetools.com/forum/showthread.php?s=&threadid=3397

i just can't get any Imports using Imprec .. i even used the fake OEP PEid gaves me .. Imprec just founds and invalid thunk.

i don't have trouble with dumping or finding Stoled bytes . that job is done... you can confirm this if desire... does someone else have tried this latest Resource Builder???

fixing IAT manually could take LOnggggg time! however i don't even know why or how much time i wasted with this crapy app. since many functions are disable/encrypted and without key this is useless.

Regards

When we say "manual" i think few ppl mean fixing import one by one... "manual" means not using ready made tools like Imprec...

if you know a bit about Import Table, a few small patches will make aspr rebuild the import table for you ... and it will always work till Alexey redesigns his IAT mangling routine all together ...

hi,
u are right the version is 2.1.0.3
The same version is discussed in the above link i gave u. I unpacked this program just now.Though i used satyricOn's IAT tree to fix the dump. I'l do it again myself.
But the problem is as u said that we need a key to enable all the functions. Though the unpacked program doesn't expire if i forward the clock.
I have another similar ASPR 1.3 protected target-->SIGuardian 1.71