#1
Inline patch or loader for ASProtect 1.24-1.3????
hi
I got a proggy that is packed with ASProtect 1.24-1.3 and I don't know how I can make a loader (because of ERROR 45: Protection Error). Does someone have an idea?? hXXp://www.haenlein-software.de/haenlein-software/index2.php?navigation=dvr-studio-pro&s=2&unav=nav_progs&sprache=german Many thanks
#2
Maybe this will help you.
hxxp://www.exetools.com/forum/showthread.php?t=2300&highlight=AsProtect+Loader+v0.b
Another tool you can try, I think it's great. Quote:
#3
thanks
bad this still does not work :-(, shit because i god many errors :-(
#4
ABEL Loader Maker can make an ASProtect loader. It patches when it finds the window of the app.
Another little trick I use to make ASProtect loaders: I code a loader which waits until a value is written to memory, after the CRC check, so it looks like this in asm:
Code:
    invoke CreateProcess, addr filename, NULL, NULL, NULL, NULL, NULL, NULL, NULL, ADDR Startup, ADDR processinfo
    .IF eax == NULL
        invoke MessageBox, NULL, SADD("Can't create process"), ADDR filename, MB_ICONEXCLAMATION
    .ELSE
    @readagain:
        invoke ReadProcessMemory, processinfo.hProcess, 04BB014h, addr ReadByte, 4, NULL
        .if dword ptr [ReadByte] == 00401270h   ; test value ... is crc check over?
            ; now patch....
            invoke WriteProcessMemory, processinfo.hProcess, 0043CFC7h, ADDR NewBytes, SIZEOF NewBytes, NULL
            invoke WriteProcessMemory, processinfo.hProcess, 00490a9ch, ADDR NewBytes2, SIZEOF NewBytes2, NULL
        .else
            jmp @readagain
        .endif
    .ENDIF
__________________
Thinking In Bytes
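
The loader in the post above relies on the integrity check having already run by the time the write happens. As an added example (not from the thread or from any product discussed in it), this C sketch models that time-of-check gap on a constructed byte buffer and shows a later re-verification catching the change; `integrity_guard`, `guard_init`, `guard_recheck` and `demo_late_write` are hypothetical names.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Bitwise CRC-32 (reflected polynomial 0xEDB88320). */
uint32_t crc32_buf(const uint8_t *p, size_t n) {
    uint32_t c = 0xFFFFFFFFu;
    for (size_t i = 0; i < n; i++) {
        c ^= p[i];
        for (int k = 0; k < 8; k++)
            c = (c >> 1) ^ (0xEDB88320u & (0u - (c & 1u)));
    }
    return ~c;
}

/* Hypothetical guard: remembers the expected CRC of a region. */
typedef struct {
    const uint8_t *region;
    size_t len;
    uint32_t expected;
    int startup_ok;   /* verdict of the one-shot check, never refreshed */
} integrity_guard;

void guard_init(integrity_guard *g, const uint8_t *r, size_t n, uint32_t expected) {
    g->region = r; g->len = n; g->expected = expected;
    g->startup_ok = (crc32_buf(r, n) == expected);
}

/* Re-verification: recompute over the live bytes every time it is called. */
int guard_recheck(const integrity_guard *g) {
    return crc32_buf(g->region, g->len) == g->expected;
}

/* Constructed stand-in for a protected region (not real program bytes). */
static uint8_t region[16] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};

/* Bit 0: stale one-shot verdict; bit 1: verdict of a recheck after a late write. */
int demo_late_write(void) {
    integrity_guard g;
    guard_init(&g, region, sizeof region, crc32_buf(region, sizeof region));
    region[6] ^= 0xFF;                 /* constructed modification after startup */
    int verdict = (g.startup_ok ? 1 : 0) | (guard_recheck(&g) ? 2 : 0);
    region[6] ^= 0xFF;                 /* restore the buffer */
    return verdict;
}

int main(void) {
    printf("verdict bits: %d\n", demo_late_write());
    return 0;
}
```

The one-shot verdict stays "ok" while the recheck fails, which is why integrity checks that run only at startup do not cover writes made afterwards.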
#5
the_beginner:
Small lesson in proper English spelling, simply because your error makes a word you do not intend. You keep spelling the English word "got" (erhalten) as "god" which is the English word for Gott. Major difference. I know that in German a "d" at the end of a word can sometimes be pronounced as a "t" but that is a rather important word not to use by mistake. Verstehen? Regards,
__________________
JMI
#6
here is an example loader code for an asprotect code:
Code:
http://diablo2oo2.di.funpic.de/stuff/photoclean.2.10-aspr.loader.sourcecode.rar
Code:
http://www.trulyphotomagic.com
loaders for many asprotect apps.
Code:
http://diablo2oo2.di.funpic.de/stuff/dup.memcheck.loaders.jpg
__________________
Thinking In Bytes
#7
Quote:
kyrios
#8
Quote:
These "limitation and/or executions limitations" which you mean are stored in the registry. You can clean them: http://diablo2oo2.di.funpic.de/downloads/DelAsprKeys.rar
Anyway, ASProtect is not the only protector which has process CRC checks.
__________________
Thinking In Bytes
#9
I saw inline patching on ASPRed 1.31, and it pretty much amazes me how they did it. I'm sure they use a blacklisted key because the program runs fully registered.
Advanced MP3 Catalog Pro 3.16, for instance, by sthepenteh (from Ressurect team). Another one is Astonshell 1.9 by someguy (from underPL?). Any tool or tut will definitely be useful for everyone else. Of course a tut is much more precious.
kyrios
#10
Will it kill the days limitation and/or executions limitations? If not, it will be useless.

don't pretend a loader maker or patch maker will do everything for you.. you must find the bytes to crack the app. at the end that's all you want.. you can kill, by finding the needed bytes, time execution or time limit for any asprotect app, without any special option... make use of a debugger and some dead code analysis.

I saw inline patching on ASPRed 1.31, and it pretty much amazes me how they did it. I'm sure they use a blacklisted key because the program runs fully registered. Advanced MP3 Catalog Pro 3.16, for instance, by sthepenteh (from Ressurect team). Another one is Astonshell 1.9 by someguy (from underPL?). Any tool or tut will definitely be useful for everyone else. Of course a tut is much more precious.

there's some new method or tool they use for asprotect 1.x-2.x and it looks like they don't even need OEP for the inline patch.... just the bytes to crack the app..... still haven't seen any info about this. maybe it's private and maybe no one who knows it will make it public, to make hard time To Alexey

Last edited by Crk; 12-21-2004 at 02:04.
#11
there seems to be a weakness in crc checking of aspr'd programs in the protected/encrypted data, not the code.
some crackers inject code in that area, which makes a call to a certain address in which they place the required instructions. you can trace the decompression/decryption routine to see what to inject to get the required call to that address. examples of aspr'd targets that were attacked by that method are iso commander 1.5.052, 1.50.060, reget deluxe 4.1.241 (twice by tsrh and digiratti).
#12
I spoke with stephenteh of team RES via PM to ask him about the aspr method, which he also used on Gene6 FTP server. He told me he learnt the method from cracks that revenge crew used hxxp://revenge.crackdb.com/ but there is no info on their web site.
I looked at the Gene6 patch, it only seems to change 4 bytes, plus change the section length to include registration data. It looks to me like the encryption has broken somehow, because the 4 bytes decrypt to different code after aspr decryption. I am still looking for more info on this method -- bedrock
#13
Quote:
#14
@JMI
PHP Code:
@diablo2oo2 Many thanks, I hope this helps me (I could also write "vielen Dank", since you are from Germany too, or how else does one get a .de address :-) ) cu
#15
the_beginner:
Nobody is criticizing your English or suggesting it is "bad." I simply pointed out that one small letter made a very important difference in those two words, an error which you might want not to make. And thanks for the offer. Regards,
__________________
JMI