#1
Out of Control Asprotect
Hi all, I'm trying to unpack Advanced Office Password Recovery by Elcomsoft, v3.03 at the time I'm writing, protected with (PEiD says) ASProtect v1.2x (New Strain) *.
I downloaded as many tutorials as I could, looked for all unpackers and searched for all Olly scripts, but nothing works. Following some tutorials by Ferrari I read:

Load the program in Olly and you'll be here:

    00401000 >  68 01505200   PUSH aopr.00525001   <---------- You are initially here
    00401005 |. E8 01000000   CALL aopr.0040100B
    0040100A \. C3            RETN
    0040100B $  C3            RETN

-> OK

Shift+F9 and the program will throw an access violation:

    Access violation when writing to [00000000] - use Shift+F7/F8/F9 to pass exception to program

-> OK

Ctrl+B and put: 8B 17 89 02 EB

-> STOP: The search reports that the item is not found.

FROM HERE I DON'T KNOW HOW TO GO ON. Can someone help me? I'm a bit puzzled...

UPDATE: Very strange, but with stripper 2.11rc2 I managed to get a running program. The code is terribly mangled; the entry point of the program can no longer be found, neither the false one nor the real one. WinDasm crashes. It cannot be dumped again and the IAT cannot be found, although I managed to get a clean one. I managed to patch the registration dialogue with a breakpoint on GetDialogItem, but now I need to crack the initial check, to make it show as registered. I try to break on RegOpenKey and RegQueryValue but nothing relevant happens. It seems that the key where the key should be stored is never opened. I know for sure that registration keys are handled internally and are not ASPR keys. Does anyone have suggestions for me?

Attached: unpacked and IAT.

Last edited by TmC; 04-13-2005 at 11:26.
#2
Hi,
Please provide a link for the packed program. Anyway, does the 'stripped' program work fine without any crashes?
#3
The stripped one works, but it is hard to crack because the entire executable is smashed by the unpacker. Anyway, because it works with 2.11 and not with 2.07f, PEiD and ProtectionID are far from being right. It should be at least ASProtect 1.23-2.x and not ASProtect 1.2 New Strain. Puzzled
#4
TMC: It's exactly ASPR 1.31