Tuts 4 You

[unpackme] ASProtect v2.41 02.26


acidflash


Unpacked
http://rapidshare.com/files/122019094/Unpacked.rar.html

Again, excellent work...

Is any protector actually useful??

Link to comment

Uhm, to learn to unpack a protection???

See if you've still got the skills.. See if there's anything new??

Reversers generally like to unpack stuff.. These unpackme's have specific protections so that you test your skills..

Quite logical I thought...

And if you unpack it well there's no reason why you shouldn't show off your skill. :)

@ Keyvanriko0:

Nice scripted unpack..

Voix did indeed do a great job on that script.. Though you should give him some credits.. ;)

A MUP anyone??

quosego

Edited by quosego
Link to comment

"Here's an unpackme, here it is unpacked" with no discussion of methods is just boring, and if a script was used then absolutely pointless.

  • Like 1
Link to comment

quosego:

Agree with you ! :sweat:

It can easily be unpacked with Volx's professional unpacker script ("Aspr 2.xx Unpacker Script By Volx").

SDK stolen code sections = 00000002
SDK stolen code section address = 01BD0000
SDK stolen code section address = 01BE0000
Address of IAT = 00413000
RVA of IAT = 00013000
Size of IAT = 000003D8
Address of OEP = 00401E6E
RVA of OEP = 00001E6E
Edited by SUB Z3R0
Link to comment

And me too, I agree with quosego...

people can't try manual/Handly but try and use COMPLETE UNPACKER SCRIPT for unpacking :doh:

All WORK Credit to VOLX :banana:

have phun ! :lock:

Edited by Ar4sh
Link to comment

Well indeed that would be the only reason why one should be allowed to use a script..

I will wait for your MUP then :)

quosego

Link to comment

After running the unpacking script, what should I do to restore the stolen bytes near the OEP?? Can anyone explain it? Thank you very much.

Link to comment
After running the unpacking script, what should I do to restore the stolen bytes near the OEP?? Can anyone explain it? Thank you very much.

If you watch one of Lena151's tutorials (lessons 38 to 41), she demonstrates how to use the script and restore the stolen bytes.

Basically you dump the section that the script stops on and then append it to the fixed dump. Also with the new Volx script, you need to do some setting up. Read the included readme for details.

Edited by vinnie
Link to comment

I am currently recording a video tutorial about how to fix those stolen bytes manually, might be interesting for someone. If not, I am out of luck. :P

Link to comment
I am currently recording a video tutorial about how to fix those stolen bytes manually, might be interesting for someone. If not, I am out of luck. :P

YAY! I am interested in it so you are full of luck. Been looking forward to your continuation of the imports tut you did for a loong time now. Asprotect stolen code has always been a weak spot for me.

Edited by vinnie
Link to comment
I am currently recording a video tutorial about how to fix those stolen bytes manually, might be interesting for someone. If not, I am out of luck. :P

I'm very interested also ;)

Link to comment
  • 3 weeks later...

http://www.namipan.com/d/UCHang100%e4%b8%8...b50ff8739740600

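Patch for the Aspr 2.3 registration dialog; 2.3 build 0514, packed by 微笑一刀.

Script used: kangdy's script as updated 2008 4.7. This script does not work.

The script gets as far as this point. Script run window, item 4482:

Line number = 4482

Command = bp tmp3

The registration dialog is invoked here: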

009DE77E 50 PUSH EAX
009DE77F A1 AC959E00 MOV EAX,DWORD PTR DS:[9E95AC]
009DE784 50 PUSH EAX
009DE785 E8 6A5FFEFF CALL 009C46F4
009DE78A 8BD8 MOV EBX,EAX
009DE78C 85DB TEST EBX,EBX
009DE78E 74 7C JE SHORT 009DE80C ?
009DE790 8D4424 04 LEA EAX,DWORD PTR SS:[ESP+4]
009DE794 50 PUSH EAX
009DE795 8D4C24 04 LEA ECX,DWORD PTR SS:[ESP+4]
009DE799 8BD3 MOV EDX,EBX
009DE79B A1 AC959E00 MOV EAX,DWORD PTR DS:[9E95AC]
009DE7A0 E8 8F62FEFF CALL 009C4A34
009DE7A5 B2 01 MOV DL,1
009DE7A7 A1 E44E9C00 MOV EAX,DWORD PTR DS:[9C4EE4]
009DE7AC E8 8F70FEFF CALL 009C5840
009DE7B1 8B15 980A9E00 MOV EDX,DWORD PTR DS:[9E0A98]
009DE7B7 8902 MOV DWORD PTR DS:[EDX],EAX
009DE7B9 A1 980A9E00 MOV EAX,DWORD PTR DS:[9E0A98]
009DE7BE 8B00 MOV EAX,DWORD PTR DS:[EAX]
009DE7C0 E8 3788FEFF CALL 009C6FFC
009DE7C5 A1 980A9E00 MOV EAX,DWORD PTR DS:[9E0A98]
009DE7CA 8B00 MOV EAX,DWORD PTR DS:[EAX]
009DE7CC 8B4C24 04 MOV ECX,DWORD PTR SS:[ESP+4]
009DE7D0 8B1424 MOV EDX,DWORD PTR SS:[ESP]
009DE7D3 E8 188BFEFF CALL 009C72F0
009DE7D8 84C0 TEST AL,AL
009DE7DA 75 0A JNZ SHORT 009DE7E6
009DE7DC 68 4CE89D00 PUSH 9DE84C ; ASCII "170
"
009DE7E1 E8 A270FDFF CALL 009B5888
009DE7E6 A1 980A9E00 MOV EAX,DWORD PTR DS:[9E0A98]
009DE7EB 8B00 MOV EAX,DWORD PTR DS:[EAX]
009DE7ED 33D2 XOR EDX,EDX
009DE7EF E8 7486FEFF CALL 009C6E68
009DE7F4 A1 980A9E00 MOV EAX,DWORD PTR DS:[9E0A98]
009DE7F9 8B00 MOV EAX,DWORD PTR DS:[EAX]
009DE7FB B1 01 MOV CL,1
009DE7FD 33D2 XOR EDX,EDX
009DE7FF E8 187BFEFF CALL 009C631C ; the registration dialog is invoked here
009DE804 8B0424 MOV EAX,DWORD PTR SS:[ESP]
009DE807 E8 583DFCFF CALL 009A2564
009DE80C A1 7C0A9E00 MOV EAX,DWORD PTR DS:[9E0A7C]
009DE811 C600 DE MOV BYTE PTR DS:[EAX],0DE
009DE814 803D F4089E00 0>CMP BYTE PTR DS:[9E08F4],0
009DE81B 74 05 JE SHORT 009DE822
009DE81D E8 E2E1FFFF CALL 009DCA04
009DE822 8BC6 MOV EAX,ESI
009DE824 E8 EB43FCFF CALL 009A2C1

http://www.namipan.com/d/60056b417f4e4ec7f...000386f82792800

Link to comment
