Exetools  

  #1  
Old 05-12-2004, 14:02
britedream britedream is offline
Friend
 
Join Date: Jun 2002
Posts: 436
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 0
Thanks Rcvd at 7 Times in 7 Posts
britedream Reputation: 0
The new asprotect 1.31

I did download this beta. It is getting closer to the acprotect approach; the new beta and the older asprotect both have almost the same concept. I wrote a script to find the OEP and the last exception. The true OEP is directed by a jmp to the asprotect area, where the stolen reside; this is done within the few exceptions (2-3, I don't remember now) before the last exception is reached. For the IAT, the APIs are emulated inside the asprotect area. This is my initial observation. I believe this observation won't be new to most of you, but I thought I should share it with others who may not have it. Please share your input if you can. Thanks.
  #2  
Old 05-13-2004, 02:21
el-kiwi
 
Posts: n/a
I can find the OEP. About stolen bytes, I use the same compiler stub approach and it's working, but when I try to use imprec, imprec crashes and cannot fix the IAT.
  #3  
Old 05-15-2004, 23:20
britedream britedream is offline
To: el-KiWi

This weekend I did look at the beta, and I did unpack it, but I used a non-traditional way for speed due to lack of time. I will look into the normal way used to unpack asprotect once I have the time, so play with it; I am sure you will unpack it.
  #4  
Old 05-16-2004, 11:08
bollygud
 
Posts: n/a
This version makes it a very difficult task to make a clean dump that you can use on any computer. However, it is extremely easy (but time consuming) to unpack the apps and have them run on your own machine (and possibly even the same OS on another machine). I may write a tutorial on the entire process and post it here, but the basic idea behind it is to dump and attach the aspr envelope to the dumped.exe file. This involves realigning dumped sections and playing with import functions. The biggest obstacle to overcome would be rebuilding an import table and IAT, since aspr now doesn't simply use redirection from within the IAT.

And, if Alexey ever peers this forum (who knows) here's a little msg to him:

Quote:
While this implementation is a better protection (in that it requires more time and effort to crack it), it is not better for the end user. Your new system will protect better, but waste more cpu cycles and ultimately slow down the application in boot time and in execution. This is in stark contrast to your previous protector which was very fast. One of the biggest problems I have with protectors like Armadillo and others is the speed and stability issues. And now, it seems, you're moving to that direction as well. You're finding yourself in bad company. This is a real shame considering you had the best protector out there if programmers would simply use the tools available to them and encrypt pieces of code unless a valid key is present. Anyway to summarize, while I understand the need to offer this type of protection it is still very breakable and you will not be keeping products out of the hands of those who seek to acquire them illegally. Rather you will end up giving the legitimate user a headache from a frustratingly slow starting and slow running, unstable app. Same story as always, good old Joe Shmo gets screwed for no real good reason all in the name of stopping piracy and that, my friend, will never happen.

Last edited by bollygud; 05-16-2004 at 11:11.
  #5  
Old 05-16-2004, 12:16
britedream britedream is offline
Quote:
Originally Posted by bollygud
it is extremely easy (but time consuming) to unpack the apps
Just reconstruct the crime scene, the target will run in no time.

Last edited by britedream; 05-16-2004 at 15:58.
  #6  
Old 05-25-2004, 21:59
britedream britedream is offline
This time I did unpack the test target in the traditional way; I just patched three locations and fixed the IAT using importrec. The target ran. Now I will test this on a commercial target protected with the registered version, as soon as time permits.

Last edited by JMI; 05-26-2004 at 00:24.
  #7  
Old 05-25-2004, 22:08
hobgoblin hobgoblin is offline
Friend
 
Join Date: Jan 2002
Posts: 124
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 2
Thanks Rcvd at 5 Times in 5 Posts
hobgoblin Reputation: 0
Hmm

Interesting.:-)
Try the newest version of WhereIsIt...

regards,
hobgoblin
  #8  
Old 05-29-2004, 23:09
britedream britedream is offline
To hobgoblin
Today I tried your target "whereisit" protected by the latest asprotect. I did unpack it; it is running on my PC. I will upload it to you tomorrow.
  #9  
Old 05-30-2004, 03:21
hobgoblin hobgoblin is offline
Cool.

That's cool. I'm looking forward to seeing how you resolved this. I have made a dump that I think will work. I just haven't figured out how to fix the IAT trouble.

regards,
hobgoblin
  #10  
Old 05-30-2004, 14:36
britedream britedream is offline
To hobgoblin:

Sorry, I couldn't upload it to the exetools; please PM me with your email.

It is an asprotect beta, so I am not going to put detailed steps for unpacking it in the open forum, for the obvious reason, but there aren't that many steps anyway: just find where asprotect is directing the IAT, force it to make the table for you, and use ImportRec to fix the table. Second, overcome the antidump. Done.

In my unpacking I concentrated on the IAT, so due to time limitations I didn't redirect the antidumps; I just used the same high memory as asprotect and coded a small DLL as finger saving for that purpose. Also, I didn't redo the process for fixing the IAT for the five or so APIs left; I just coded them directly. You will distinguish my direct adding from the ImportRec adding.

Since I am using high memory, it may not work if your configuration is different from mine. I will try to redirect the antidumps in the future to avoid that.
Here is an image of some jumps to the IAT to show the ones I directly added and the ImportRec adding:

Last edited by britedream; 05-30-2004 at 16:56.
  #11  
Old 05-30-2004, 14:54
britedream britedream is offline
No need for the image; the whole IAT is now fixed by importrec. Here it is:
This one should work on all XP now. {Don't use it, just compare to}
Attached Files
File Type: txt treefinal4.txt (29.9 KB, 28 views)

Last edited by britedream; 06-02-2004 at 16:27.
  #12  
Old 05-30-2004, 16:44
britedream britedream is offline
hobgoblin, please check your email, target has been sent.
  #13  
Old 05-30-2004, 18:47
SvensK
 
Posts: n/a
I wouldn't mind a copy of that as well
  #14  
Old 05-30-2004, 20:33
R@dier
 
Posts: n/a
Hi britedream,
Please could you send a copy to me as well
Many Thanks
R@dier
  #15  
Old 05-31-2004, 12:11
britedream britedream is offline
To R@dier and SvensK:

Please wait; I am waiting for feedback regarding the unpacked, to see how it works on other PCs.

Last edited by britedream; 05-31-2004 at 16:07.

All times are GMT +8.
