|
#1
|
|||
|
|||
The new asprotect 1.31
I did download this beta, it is getting closer to acprotect approach, the new beta and the older asprotect both almost have the same concept.I wrote script to find the oep and the last exception, the true oep is directed by jmp to the asprotect area , where the stolen reside,this is done within the few exceptions (2-3, I don't remember now) before the last exception reached, for the iat , the apies are emulated inside the asprotect area, this is my initial observation, I believe this observation won't be new to most of you, but I thought I should share it with others who may not have it. please share your input if you can. thanks.
|
#2
|
|||
|
|||
I can find oep,about stolen bytes i use same compiler stubb approach and its working,but when i try to use imprec,imprec crash,can not fix iat.
|
#3
|
|||
|
|||
To: el-KiWi
in this weekend I did look at the beta , and I did unpack it ,but I used non traditional way for speed due to lack of time, I will look into the normal way used to unpack asprotect once I have the time,so play with it , I am sure you will unpack it. |
#4
|
|||
|
|||
this version makes it's a very difficult task to make a clean dump that you can use on any computer. however, it is extremely easy (but time consuming) to unpack the apps and have them run on your own machine (and possibly even the same OS on another machine). I may write a tutorial on the entire process and post it here, but the basic idea behind it is to dump and attach the aspr envelope to the dumped.exe file. This involves realigning dumped sections and playing with import functions. The biggest obstacle to overcome would be rebuilding an import table and IAT, since aspr now doesn't simply use redirection from withing the IAT.
And, if Alexey ever peers this forum (who knows) here's a little msg to him: Quote:
Last edited by bollygud; 05-16-2004 at 11:11. |
#5
|
|||
|
|||
Quote:
Last edited by britedream; 05-16-2004 at 15:58. |
#6
|
|||
|
|||
this time I did unpack the test target in the traditional way , just I patched three locations, and fixed the iat using importrec, the target ran , now I will test this on commercial target protected with registered version, as soon as time permit.
Last edited by JMI; 05-26-2004 at 00:24. |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Anyone can help me with this one?? ASProtect | loman | General Discussion | 0 | 12-31-2003 16:37 |