#31
To Satyric0n
By no means am I more competent than you in any way; however, I did download the program, and with a few NOPs it is running. If you see the program starting, then going away, you are almost there. Just make sure that you NOP the call at 5735f7 from push ebx to pop ebx inclusively. Also make sure that your IAT is correct; ImpREC failed to detect FreeResource in this program. This is my IAT to compare to:
Last edited by britedream; 08-31-2003 at 22:52.
#32
To Satyric0n:
I just noticed that your OEP isn't correct, and your stolen bytes are missing one byte. Here is the working info: OEP = 55 8B EC 83 C4 F0 53 B8 DC 4D 58 00 (the IAT is attached above). Addresses to patch: they are almost the same, so start NOPing from xor eax,eax to mov xxxxxx,edx at:
5789d9
5735eb ;check my post above
578a1a
578a5b
578a9c
57d8c3
57d904
The last is a jnz: 578ae4 nop

Thanks to Hotpepper, it is a nice program!
Last edited by britedream; 09-01-2003 at 01:24.
#33
to Hotpepper
For you to practice, try the new Recordius 1.04. The protection is the same as above; it will take you no more than five minutes. Here is some info to help you: OEP = 11f674, IAT RVA = 777230, size ~900. Stolen bytes are the same as above, except the eax value. Good luck.
britedream
Last edited by britedream; 09-01-2003 at 04:37.
#34
britedream,
I had the exact same IAT as you, so I guess I did at least that much correctly. But you are absolutely correct on the OEP and stolen bytes; I missed the PUSH EBX, but at least had the correct distance between EBP and ESP... I am reviewing the rest of the information you posted, on the addresses to patch. Thank you very much for looking into this; it is nice to see the solution to this after as much time as I spent trying to figure it out, unsuccessfully.
Last edited by Satyric0n; 09-01-2003 at 04:51.
#35
britedream,
I looked over the addresses you said to NOP, and NOPing those did work perfectly. But I have found a different solution that has considerably less NOPing, and appears to work correctly. I agree with you on NOPing the procedure at 5735EC (PUSH EBX through POP EBX), but I think all the others you listed are unnecessary. Simply NOP the CALLs at 573782 and 57389B, and everything seems to work just fine. Again, thanks for your help. I would not have found any solution, yours or mine, without your input.
#36
It may very well be; I did not test it, so NOPing some of those may prevent going to the others. I think I did try to NOP the 573782, but had some errors, so check it in the original program and see if it works.
Last edited by britedream; 09-01-2003 at 09:19.
#37
NOPing 573782 definitely works as long as you also NOP 57389B. Doing one or the other but not both does not work properly, but NOPing both seems to work great.
I know I have thanked you already for your help, but thank you again. It made me very happy to finally get this working, after so much frustration at being unsuccessful. I spent a pathetically long time trying to get it to work, when I knew it had to be a simple solution, and in the end it was. But I learned a lot (about SEH especially) from working on it. From what I learned from this, I was able to get Recordius 1.04 unpacked and working without even thinking about it, so it was worth it. Maybe one day I can return the favor.
#38
My pleasure, and I am glad that my info was of any benefit to you.
Regards
Last edited by britedream; 09-01-2003 at 15:42.
#39
Thanks to all of you for helping solve the problem.
Currently I am on a business trip out of my country. When I get back home, I will try that. Thanks again,
HotPepper
PS: I believe DropToCD and Recordius are really nice programs. They are really small and have almost all the functionality that I want.
#40
Anyone know the OEP and stolen bytes of AnyDVD? Can't find it...
TIA
#41
Quote:
OEP = 419CA4
stolen bytes = 55 B0 60 89 04 24 55
IAT RVA = 25000
IAT size = 2C8
The number of stolen bytes, IAT location, and IAT entries all seem very strange to me, so it is likely that this information is not 100% correct. It appears to work correctly, but I only tested the GUI, not the actual functionality. So, even if it's not totally correct, it's a good starting point.
#42
Generic ways
Hello all,
Nice to read this thread, and by the way, good work LaBBa. Unpacking is a good way to defeat Aspr, but for this kind of widely used protector I always try to get more generic solutions. This is why I started ASload with NTSC. If you use ASload on DropToCD or other ASProtected apps you will see what I mean. hxxp://www.cstn.cjb.net/ My problem is that I haven't that much time these days and I am a really bad and slow coder, if I can call myself one :~) If anyone wants to help me or share some new tricks to handle the crypted part thing in Aspr, message me please... Best regards.
#43
Hi Satyric0n, britedream,
Thanks again for the help with those kinds of procedures. For NOPing, I found a new and simple method for that. Just 10 bytes... at 0058547B (5 bytes) and 00585564 (5 bytes); these are located some bytes after the OEP. NOPing these 10 bytes removes the Trial Message dialog box also.
Thanks, HotPepper
#44
Glad to see you tackling the program!
#45
Britedream
Thank you from the heart. Please write to me so we can get acquainted and keep in touch. Your brother Abu Abdullah, Saudi Arabia.