Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Rlp Imprec Plugin - Need Help :/


Lo :D

I recently started investigating Reversing Labs Protector a little.

Finding OEP isn't very hard, if you know how to proceed (2 easy ways)

The only thing I still miss in order to have a working dump is a valid IAT, that's why I started coding an ImpRec plugin.

Actually it's nothing hard so far, it is my second ImpRec plugin tho, so don't expect something special.

I only have some problems regarding the code, it just won't work...

That's the code:

    // push XXXXXXX
    if (to_trace[0] == 0x68)
    {
        // Get XXXXXXXX in the push XXXXXXX
        DWORD address = *((DWORD*)(to_trace+1));
        address += *((DWORD*)(to_trace+8));

        if (IsBadReadPtr((VOID*)address, 4))
        {
            // Bad pointer!
            UnmapViewOfFile((LPCVOID)dwPtrOutput);
            CloseHandle((HANDLE)hFileMap);
            return (205);
        }

        // Get the value in XXXXXX and write it to the mapped file
        dwPtrOutput = (DWORD*)address;

        // OK
        UnmapViewOfFile((LPCVOID)dwPtrOutput);
        CloseHandle((HANDLE)hFileMap);
        return (200);
    }

The general appearance is like this:

Push Value1

Add [ESP], Value2

Retn

When tracing the IAT with my plug ImpRec creates some weird message in Win16 kernel deepest system memory error somewhere at 0x77....

Then it traces as if nothing happened but I only get return messages like -2301367103 and stuff like that...

Could anyone please help me with that one ?
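
Added example, not part of the original posts or of either plugin: a stand-alone C routine that recognises the push / add [esp] / retn stub described above in a captured byte buffer and computes the address it jumps to, checking the whole pattern and the buffer length rather than only the first opcode. The name resolve_push_add_ret and the sample bytes are constructed for illustration; the layout assumes the 32-bit encodings 68 imm32, 81 04 24 imm32, C3.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* push imm32 (5 bytes) + add dword ptr [esp], imm32 (7 bytes) + retn (1 byte) */
#define STUB_LEN 13

/* Read a little-endian 32-bit value byte by byte (no unaligned pointer cast). */
static uint32_t read_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/*
 * resolve_push_add_ret (hypothetical name): returns 1 and stores
 * Value1 + Value2 in *target when buf holds the complete stub, else 0.
 */
int resolve_push_add_ret(const uint8_t *buf, size_t len, uint32_t *target)
{
    if (buf == NULL || target == NULL || len < STUB_LEN)
        return 0;                               /* truncated or missing input */
    if (buf[0] != 0x68)
        return 0;                               /* not push imm32 */
    if (buf[5] != 0x81 || buf[6] != 0x04 || buf[7] != 0x24)
        return 0;                               /* not add dword ptr [esp], imm32 */
    if (buf[12] != 0xC3)
        return 0;                               /* not retn */
    /* The sum wraps modulo 2^32, exactly as the add instruction does. */
    *target = read_le32(buf + 1) + read_le32(buf + 8);
    return 1;
}

/* Constructed sample: push 0x70001000 / add [esp], 0x1234 / retn */
const uint8_t sample_stub[STUB_LEN] = {
    0x68, 0x00, 0x10, 0x00, 0x70,
    0x81, 0x04, 0x24, 0x34, 0x12, 0x00, 0x00,
    0xC3
};

int main(void)
{
    uint32_t target = 0;
    if (resolve_push_add_ret(sample_stub, sizeof sample_stub, &target))
        printf("stub resolves to 0x%08X\n", (unsigned)target);
    return 0;
}
```

The immediates sit at offsets 1 and 8, the same offsets the posted snippet reads from to_trace.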

the plugin is already coded.. :) by someone.. (i can remember who?? ) :dunno:

but if u want to code your own thats ok :)


http://rapidshare.de/files/36953893/Reversing_l_0.7.rar.html

  • Author

Found the mistake !

It's slightly bigger than the one you posted, but who cares :P

6kb in size is quite okay for an imprec plugin (written in c++)

Was fun doing it and a good exercise in coding ImpRec plugs :)

File attached for anyone who wants to have it, but I'd also take the smaller one if it wasn't my plugin...

You always trust things more which are selfmade, huh ;)

Here you go:

RLP.rar

  • Author

Sorry for double post, just wanted to say that I quickly converted the source to MASM, very easy with the provided example sources shipped with ImpRec :)

If anyone cares, it's half as big and probably 1% faster than the other one.

Anyway, it's attached :P

RLP.rar

Edited by KillBoy-PowerHead

nice work :thumbsup:

Good, now look at ACProtector IAT redirection :) Does it make you laugh :)

Edited by ap0x

  • Author

Here's the source :)

It's the DLL and both sources in C++ and MASM.

I'm not totally sure if the C++ code still works, I threw it away after converting to MASM :o

Now I quickly redid it with the help of the given ImpRec examples and the MASM code...

But the MASM sources should work for sure (sorry for the hardcoded paths to the libs and incs, MASM seems to have problems with relative ones, dunno )

@ap0x

I have ACProtect installed, I'll take a look at it this afternoon, is it really that simple ?

Here you go:

RLP.rar
