#1
|
||||
|
||||
Asprotect 2.1x SKE target
I need your advice.
I have a program which I know the direction of its OEP by a later version and uses the same compiler again. Now it's protected by ASPROTECT 2.1x SKE and I ask myself if it serves as something (unpack) to know the direction the OEP. The IAT will be also in the same direction? What I can do with OLLY knowing their OEP (401000) and knowing as is their STOLEN BYTES (by the previous version)? What you recommend to me to do with olly? Peid generic plugin unpacks file (very easy... uhmm? ), but when I load it with Olly it shows 0xc000005 error (IAT rebuilding, I know it) and I can not trace it because ALWAYS shows this error, so how can I stop at 401000 (OEP) to can trace it? BTW:ASPROTECT 2.1x SKE tuts? |
#2
|
|||
|
|||
can direct or cant, if adv oep protection used it will not start on 401000 but stolen codes somewhere in aspr code, when i tried to compress serv-u 5 to check how much it will steal, aspr 2.11 ske stole 6100 bytes from oep, at least thats what he said, c0000005 is access violation aspr uses it a lot of time, try shift+f9 to pass it, when you press just f9 it will crash with that exception. to stop at 401000 you can do memory break on access there, hardware breakpoints will not work because aspr will clear them, i dont even know if anti_drx or anti_hardware_breakpoint plugin will help, due aspr uses seh to clear drx regs
|
#3
|
|||
|
|||
More TUT from WWW.PEDIY.COM
http://bbs.pediy.com/forumdisplay.php?s=&forumid=8 http://bbs.pediy.com/showthread.php?s=&threadid=19313 http://bbs.pediy.com/showthread.php?s=&threadid=19307 http://bbs.pediy.com/showthread.php?s=&threadid=19110 http://bbs.pediy.com/showthread.php?s=&threadid=18893 |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
where's the error in this asprotect-target? | MaRKuS-DJM | General Discussion | 48 | 01-15-2004 22:52 |