Tried unpacking DVDIdle Pro - AsProtect

[britedream]

maltese,
don't load my iat, fix yours according to mine.

please pm with your email.

BriteDream....

Does this make sense?

removed DvdIdlePro.udd and DvdIdlePro.bak (cache if you will for Olly)

1) I loaded Olly 1.10beta
2) Answered NO to analyze
3) F9, SHIFT+F9 26 times
4) ALT M
5) Left Click - code line for DvdIdle Pro
6) CTRL + F11
7) VIEW->TRACE
8) Enter Stolen Bytes
9) @ PUSH EBX (start of Stolen Bytes), I set NEW ORIGIN
10) OllyDump: uncheck Rebuild Import (saved as dump.exe)

* Left Ollydbg running after dumping to dump.exe

11) Loaded Imprec v1.6f
12) Selected DVDIdle Pro as Active Process
13) Pressed IAT Auto Search
14) Pressed Get Imports (left all values at default)
15) Pressed Show Invalid
16) Right clicked on invalid and selected: Trace Level 1 (disasm)
17) Pressed Show Invalid again
18) Right clicked on invalid and selected: Plugin Tracers-> aspr2

* It said no more pointers...see if it works

19) Clicked fix dump.... and patched the dump.exe file from Olly.

Program does not work...

Maybe my options are incorrect on Imprec???

Above the Fix Dump button I have checked: add new section (default)
In options: The only thing checked is: Process Properties (enable debug privilege XP) & Use PE Header From Disk

Did I not do something right? I noticed that Raider had a byte that was invalid in his beginning execution code so he NOP'd it. This exception appears to be happening during a Windows call.

-Malt

[britedream]

please read my three tutorials about stolen, then use my script "asproep" to find out the place for oep and stolen, then fix your stolen and dump from the oep.

RVA for your iat=22000 size= 918

once you get to rebuilding your iat please, let me know I will help you on that, but first get the correct stolen and the correct dump.

if there is anything you didn't understand in my tuts, please pm me.

BriteDream,

Where can I dl your 3 tutorials? I am looking forward to reading them!

Thanks

-Malt

[britedream]

please check your email