Exetools  

Go Back   Exetools > General > General Discussion

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 08-29-2004, 12:02
britedream britedream is offline
Friend
 
Join Date: Jun 2002
Posts: 436
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 0
Thanks Rcvd at 7 Times in 7 Posts
britedream Reputation: 0
Asprotect Last Exception

This is the new script to bypass the asprotect trick of changing the last exception, I left the old asprotect since we already have script for them, this script should work on most new asprotect without skipping, it is only tested on handful of the new ones, so please feedback , if there is any problem.

[note2]
script now is updated to include all new asprotect.

Regards.
Attached Files
File Type: txt asplastex+Oepallnew.txt (1.3 KB, 76 views)

Last edited by britedream; 08-30-2004 at 06:59.
Reply With Quote
  #2  
Old 08-29-2004, 20:16
britedream britedream is offline
Friend
 
Join Date: Jun 2002
Posts: 436
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 0
Thanks Rcvd at 7 Times in 7 Posts
britedream Reputation: 0
Script above is update to include all new asprotect

it should work on all new asprotect now instead of most, for those who might have problem using the script on non xp pc , you might try the following script, it is identical to the above , except that I use ollyscript.dll to get the code size in instead of taking it from the pe header.

Regards.
Attached Files
File Type: txt asplastex+Oepallnew2.txt (1.3 KB, 76 views)

Last edited by britedream; 09-02-2004 at 05:12.
Reply With Quote
  #3  
Old 08-30-2004, 02:46
MaRKuS-DJM's Avatar
MaRKuS-DJM MaRKuS-DJM is offline
Cracker + Unpacker
 
Join Date: Aug 2003
Location: Virtual World / Network
Posts: 553
Rept. Given: 7
Rept. Rcvd 6 Times in 4 Posts
Thanks Given: 3
Thanks Rcvd at 16 Times in 10 Posts
MaRKuS-DJM Reputation: 6
hey big unpacker! doesn't work on FlashPaste 2.0 Beta (hxxp://flashpaste.softvoile.com)
i think it's hard to get it working for really ALL asprotect
Reply With Quote
  #4  
Old 08-30-2004, 07:04
britedream britedream is offline
Friend
 
Join Date: Jun 2002
Posts: 436
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 0
Thanks Rcvd at 7 Times in 7 Posts
britedream Reputation: 0
Thanks Markus-DJM

way to go , this is the only way to make the script better,feedback,the script is corrected to your finding, please check it. this is why asprotect has an edge over others, hard to keep up with, you always find different breed. Thanks.
regards.
Reply With Quote
  #5  
Old 08-30-2004, 10:43
axl936 axl936 is offline
Friend
 
Join Date: Jul 2004
Posts: 46
Rept. Given: 13
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 0
Thanks Rcvd at 0 Times in 0 Posts
axl936 Reputation: 0
100 % working..

@ britedream :
I have tryed your script.
I have tryed with my appz, and it works very fine now...
It stop my appz at last exception EVERY RUN NOW !!
(win 2000 pre sp5, ollyscript and hideDebug)

Congratulation for your great works !!
Bye and thanx !!
bye
Reply With Quote
  #6  
Old 09-02-2004, 05:28
britedream britedream is offline
Friend
 
Join Date: Jun 2002
Posts: 436
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 0
Thanks Rcvd at 7 Times in 7 Posts
britedream Reputation: 0
script asplastex_Oepallnew2 has been corrected to work as good as asplastex_Oepallnew.for those who have the old one please change GMI eip,CODESIZE to GMI 401000,CODESIZE. this will make the script works from any address in the packer code .that was a tiny mistake I made ,sorry my knowledge of the script commands are not that great.please forgive my ignorance.Thanks

Regards.
Reply With Quote
  #7  
Old 10-18-2004, 23:26
Maltese
 
Posts: n/a
Your new script is really nice. Great work. However I have a problem.

I am trying to unpack TheaterTek 2.0 which is protected by AsProtect.

Your script never stops at the last exception. After starting your script, TheaterTek just runs.

Any thoughts?

-Malt
Reply With Quote
  #8  
Old 10-19-2004, 15:15
LaDidi LaDidi is offline
VIP
 
Join Date: Aug 2004
Posts: 210
Rept. Given: 2
Rept. Rcvd 11 Times in 10 Posts
Thanks Given: 46
Thanks Rcvd at 41 Times in 24 Posts
LaDidi Reputation: 11
Thanks...

It's a VERY good idea cause Stripper 2.11 RC2 has PB with "new" ASPR and the last exception : Hey Syd, you can do it !....
Best regards.
Reply With Quote
  #9  
Old 10-19-2004, 16:04
britedream britedream is offline
Friend
 
Join Date: Jun 2002
Posts: 436
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 0
Thanks Rcvd at 7 Times in 7 Posts
britedream Reputation: 0
To maltese

I really couldn't find your target to download, but my recent script is as below, please, try it , and see if it works.
Regards.

[notes] this only works on some of the recent asprotect.I didn't get any feedback in order to make it works on many asprotect targets.

script updated oct-23-2004
Attached Files
File Type: txt asoep6.txt (2.3 KB, 47 views)

Last edited by britedream; 10-24-2004 at 02:56.
Reply With Quote
  #10  
Old 10-19-2004, 23:30
Maltese
 
Posts: n/a
Thank you BriteDream for responding.

I tried the new script. No go. I sent you a PM so that you can try the script on the target file to see what I am seeing.

-Malt
Reply With Quote
  #11  
Old 11-03-2005, 20:59
mail-jvc
 
Posts: n/a
Stripper

I'm using Stripper since few month now and i found this tool very usefull but the last exception is really a problem, so i tried to find another way to unpack Asprotected progs ( i mean a simple way ) but haven't found. please Help !
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Reverse engineering MS C++ exception handling jonwil General Discussion 1 04-10-2019 03:11
how to trace a program exception? rcer General Discussion 6 01-16-2017 07:31
The Exception Table hook STRELiTZIA General Discussion 0 10-25-2011 17:05
Last exception for asprotect britedream General Discussion 7 04-09-2004 15:56


All times are GMT +8. The time now is 19:12.


Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( 1998 - 2024 )