Jump to content
Tuts 4 You

Opera (aspack Protected)

Guest sac

By Guest sac
in Programming and Coding

Recommended Posts

Guest sac

Guest sac

Posted
Posted

Hi,

there are many things I don

Teddy Rogers

Teddy Rogers

Posted
Posted

What has this got to do with Programming and Coding?

Ted.

Angel-55

Angel-55

Posted
Posted

Did you try attaching Opera while it's opened using ollydbg ??

cause then you can see modules used and choose the Opera.dll

debugging it should be more easier this way althoug i recommend

sometimes for using loaddll as a program to check it's behaviour :)

any way Ted is right what does this got to do with Programming And Coding

and what's your question anyway except that ?? you should write it clear so

we can understand exactly what you need...........

Cheers To All

Guest sac

Guest sac

Posted
Posted

What I want to change in Opera is a little bit complicated (because of that I wrote it

Angel-55

Angel-55

Posted
Posted

Now i understand why you opened it in the Programming And Coding section :D

you want to use code injection you said the file is protected using ASPack ??

did you unpack the file first befire trying to debug it..........now you can count on

a few strings to get your start position "it's related to the programming language"

some languages doesn't support too many strings then you can use olly's plugins

to get your strings out of sections you could try searching a few sections for some tips

too that might help you workign with that language injecting itn's that easy you know

especially when it gets to a big coding part it needs space so you'll add a section who cares

it needs time you'll have enough to code the whole program again ;) but experience ?! this is

what should make you think can i inject assembly that well as for a start you'll understand code

it's the first part then start getting your addresses and commands ready for injection and good luck

you must find PARAMS and check there usage cause you might need to use them they are almost 80%

pointers like DWORD PTR DS:[XXXXX+EBP] or something :)

Good Luck With It And Any Help The Members Are Ready to Give It !!

Cheers To All

Teddy Rogers

Teddy Rogers

Posted
Posted

Or you could create a dynamic link library and inject it where you want and then call your custom functions from it...

Ted.

Guest sac

Guest sac

Posted
Posted

Thanks for the answers and ideas.

did you unpack the file first befire trying to debug it.

This is the problem. The unpacked dll is of course in the ram. I copied it from there and saved it, but it still seems to be altered from ASPack. The FAQ of them says:

Can I decompress an ASPack'ed file?

No. One of the reasons for using ASPack is to protect applications against patches and decompilation, and the decompressor by design creates obstacles for hackers.

you must find PARAMS and check there usage cause you might need to use them they are almost 80%

pointers like DWORD PTR DS:[XXXXX+EBP] or something

and

Or you could create a dynamic link library and inject it where you want and then call your custom functions from it...

But I need the exact jump position in the code for both methods, right? I couldn

Angel-55

Angel-55

Posted
Posted

ASPack can be easly unpack even a DLL so.........?? what's the problem

you can do it manually or by a tool it's your choice of course decompressed

data is in memory but you can dump "you said copied i donno if you did this !"

and then the file won't run fine or maybe at all because of IAT matters you'll have

you reconstruct the thunk table with includes the API's that are imported by the program

from the system's DLLs you can do it by many tools mostly used is "Import REConstructor"

that can rebuild a new IAT and add it to file just to make sure imports are all valid and arranged too

this is the way system work ASPack doesn't damage any imports at all so finding IAT is too damn easy

that is a peice of cake you can even do it using Import REConstructor if you want not much "auto search"

and voila all IAT is clean and found nothing is invalid in 95% of cases so go for it :D and read tuts about it

as for tools you can use many tools found on the forums homepage and one of the best tools to unpack such

protections is ap0x's unpackers he has a quit nice collection "thanks ap0x" great tools for usage check them out !!

and yes you'll have to find a startr point as Ted said we didn't say it's easy but it's possible lets see

strings didn't help ?? so any chance to get a function for example we have a menu the dialog of about

doesn't have any strings in the program so in the same menu there is another dialog that can be found don't you

think back tracing can help you ?? "better" you could count on API's commonly used for some purposes try finding

a usefull one for example for a search bar might a GetDlgItemTextA or GetWindowTextA API help to break when the program gets you search string ??? maybe you didn't think of it but try it might work !! else any DLL used for s spesific

usage like for connecting to proxies........ you can break on it's loading to memory using LoadLibraryA and get your call

"home" using stack :D many ideas that can be used here you should be more imaginative in such cases try finding a single

thing that might help you up even if it's hard but i think it's worth trying :D lol

Good Luck Then My Friend And BTW Dynamic Link Library Needs Coding :P

In Case You Aren't A Coder Try Something Else............ :lol:

Cheers To All

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Go to topic listing
×
×
  • Create New...