Exetools  

Go Back   Exetools > General > General Discussion

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 12-12-2005, 01:06
taos's Avatar
taos taos is offline
The Art Of Silence
 
Join Date: Aug 2004
Location: In front of my screen
Posts: 580
Rept. Given: 65
Rept. Rcvd 54 Times in 19 Posts
Thanks Given: 69
Thanks Rcvd at 133 Times in 36 Posts
taos Reputation: 54
Asprotect 2.1x SKE target

I need your advice.
I have a program which I know the direction of its OEP by a later version and uses the same compiler again.
Now it's protected by ASPROTECT 2.1x SKE and I ask myself if it serves as something (unpack) to know the direction the OEP.
The IAT will be also in the same direction?
What I can do with OLLY knowing their OEP (401000) and knowing as is their STOLEN BYTES (by the previous version)?


What you recommend to me to do with olly?

Peid generic plugin unpacks file (very easy... uhmm? ), but when I load it with Olly it shows 0xc000005 error (IAT rebuilding, I know it) and I can not trace it because ALWAYS shows this error, so how can I stop at 401000 (OEP) to can trace it?



BTW:ASPROTECT 2.1x SKE tuts?
Reply With Quote
  #2  
Old 12-12-2005, 06:17
Human
 
Posts: n/a
can direct or cant, if adv oep protection used it will not start on 401000 but stolen codes somewhere in aspr code, when i tried to compress serv-u 5 to check how much it will steal, aspr 2.11 ske stole 6100 bytes from oep, at least thats what he said, c0000005 is access violation aspr uses it a lot of time, try shift+f9 to pass it, when you press just f9 it will crash with that exception. to stop at 401000 you can do memory break on access there, hardware breakpoints will not work because aspr will clear them, i dont even know if anti_drx or anti_hardware_breakpoint plugin will help, due aspr uses seh to clear drx regs
Reply With Quote
  #3  
Old 12-12-2005, 17:04
xyzjhe
 
Posts: n/a
More TUT from WWW.PEDIY.COM

http://bbs.pediy.com/forumdisplay.php?s=&forumid=8

http://bbs.pediy.com/showthread.php?s=&threadid=19313

http://bbs.pediy.com/showthread.php?s=&threadid=19307

http://bbs.pediy.com/showthread.php?s=&threadid=19110

http://bbs.pediy.com/showthread.php?s=&threadid=18893
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
where's the error in this asprotect-target? MaRKuS-DJM General Discussion 48 01-15-2004 22:52


All times are GMT +8. The time now is 23:33.


Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( 1998 - 2024 )