Exetools  

Go Back   Exetools > General > General Discussion

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 08-21-2008, 16:26
Acido
 
Posts: n/a
Unknown ASProtect Version / AIP Question.

Hi,

I'm trying to unpack a program protected with an unknown version of ASProtect.

I have run it through DIE / Peid with VerA 0.15 plugin both identify it initially as: ASProtect 1.33 - 2.1 Registered -> Alexey Solodovnikov *
Upon running VerA this however changes to: Version: [ Unknown! ], Signature: [ 7DCBD2DA ], E-Mail: [ [email protected] ]

Apart from that i have been checking some tutorials about 2.4SKE and what not, and the code looks pretty identical, i arrive at OEP without much problem using the bp on GetSystemTime, trace 5 times till return, and a couple traces through VM OEP is intact and has no stolen bytes.

Here comes the problem. It's using Advanced Import Protection from the looks of things. I have around 300 import calls routed into ASPR code instead, It's no problem to find out what imports to restore but some calls have garbage code right after the import call (have found 5 so far out of around 80 i have restored)

My question therefore is how do i find this stolen code after the import call?

BTW: None of the ollyscript aspr scripts works. Halts with an error: Something Error.

Thnx in advance.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Question: Using dongle emulator for new version of a programme with cert files Turkuaz General Discussion 5 05-04-2018 03:08
IDA pro and Hex-Rays decompiler version question jonwil General Discussion 5 09-16-2014 22:47
? Question about Asprotect 1.2 degbugger detection zambuka42 General Discussion 3 09-11-2004 05:04
unknown armadillo version bughunter General Discussion 0 12-14-2002 04:35
unknown armadillo version ? bughunter General Discussion 0 12-14-2002 00:40


All times are GMT +8. The time now is 12:32.


Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( 1998 - 2022 )