Exetools  

Go Back   Exetools > General > General Discussion
Reload this Page Problem with old AsProt
Register Forum Rules FAQ Calendar Mark Forums Read

Notices

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #1  
Old 06-07-2005, 03:13
imagin
 
Posts: n/a
Problem with old AsProt
Help with find Stolen Bytes - ASProtect 1.23 RC4 - 1.3.08.24

Classical unpack - Olly Plugin - find last exception - BP on .code sekcion - CTRL+F11..............
ALT+K - and put here - this is OK and normal

Code:
005FD993    0000            ADD     BYTE PTR DS:[EAX], AL -----------------------        
005FD995    0000            ADD     BYTE PTR DS:[EAX], AL
005FD997    0000            ADD     BYTE PTR DS:[EAX], AL
005FD999    0000            ADD     BYTE PTR DS:[EAX], AL
005FD99B    0000            ADD     BYTE PTR DS:[EAX], AL
005FD99D    0000            ADD     BYTE PTR DS:[EAX], AL-----------------------
005FD99F    E8 B8A2E0FF     CALL    xxxxxDig.00407C5C
005FD9A4    A1 70A56000     MOV     EAX, DWORD PTR DS:[60A570]
005FD9A9    8B00            MOV     EAX, DWORD PTR DS:[EAX]          ; xxxxxDig.00505A4D
005FD9AB    E8 E499E5FF     CALL    xxxxxDig.00457394
005FD9B0    A1 70A56000     MOV     EAX, DWORD PTR DS:[60A570]
005FD9B5    8B00            MOV     EAX, DWORD PTR DS:[EAX]          ; xxxxxDig.00505A4D
005FD9B7    BA 04DA5F00     MOV     EDX, xxxxxDig.005FDA04           ; ASCII "xxxxx Digger"
005FD9BC    E8 D795E5FF     CALL    xxxxxDig.00456F98
Yes now find the stolen bytes - Run Trace and find ESP=EBP - 12FFC0 - and this is my problem -

Code:
0101D8FE Main     JMP     SHORT 0101D903
0101D903 Main     PUSH    EBP                               ; ESP=0012FFBC
0101D904 Main     SUB     WORD PTR DS:[101D90E], 0F13C
0101D90D Main     JMP     SHORT 0101D911
0101D911 Main     POP     DWORD PTR SS:[ESP]                ; ESP=0012FFC0
0101D915 Main     MOV     EBP, ESP                          ; EBP=0012FFC0
0101D917 Main     SUB     ESP, 0C                           ; ESP=0012FFB4
0101D91D Main     SUB     WORD PTR DS:[101D927], 7B43       ; FL=CS
0101D926 Main     JMP     SHORT 0101D92A
0101D92A Main     JMP     SHORT 0101D92E
0101D92E Main     SUB     WORD PTR DS:[101D937], 3068
0101D937 Main     JMP     SHORT 0101D93C
0101D93C Main     LEA     ESP, DWORD PTR SS:[ESP-2D]        ; ESP=0012FF87
0101D940 Main     PREFIX REPNE:
Target in Delphi

I don't know exactly which it are - statement is some fake - advise st. to nobody which it are - line on target send to PM - thanks
Reply With Quote
 

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Threaded Mode Threaded Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
FTP Problem coolrpg General Discussion 3 03-17-2004 09:35
problem.................................... nikicraki General Discussion 3 12-13-2003 21:03
IDA 4.17 problem loman General Discussion 2 08-21-2002 18:35


All times are GMT +8. The time now is 05:35.

Aaron's homepage - Top

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( Since 1998 )