[unpackme] ASProtect v2.41 02.26

[acidflash]

Good Luck!

ASProtect_UnPack_Me.rar

[Keyvanriko0]

Unpacked

http://rapidshare.com/files/122019094/Unpacked.rar.html

[acidflash]

Unpacked

http://rapidshare.com/files/122019094/Unpacked.rar.html

Again, execellent work...

Is any protector actually usefull??

[pseudonym]

of what use is this?

unpackme protected with xxx

unpacked xxxx

I really can not see the point.

[quosego]

UHm to learn to unpack a protection???

See if you've still got the skills.. See if there's anything new??

Reversers generally like to unpack stuff.. These unpackme's have specific protections so that you test your skills..

Quite logical I thought...

And if you unpack it well there's no reason why you shouldn't show of your skill.

@ Keyvanriko0:

Unpacked

CODE

http://rapidshare.com/files/122019094/Unpacked.rar.html

Nice scripted unpack..

Voix did indeed do a great job on that script.. Though you should give him some credits..

A MUP anyone??

quosego

Edited June 13, 2008 by quosego

[pseudonym]

here's a unpackme, here it is unpacked with no discussion of methods is just boring and if a script was used then absolutley pointless.

[SUB Z3R0]

quosego:

Agree with you !

Easily can be unpacked by volx professional unpacker script ("Aspr 2.xx Unpacker Script By Volx".)

		   SDK stolen code sections = 00000002
		   SDK stolen code section address = 01BD0000
		   SDK stolen code section address = 01BE0000		   Address of IAT = 00413000
		   RVA of IAT = 00013000
		   Size of IAT = 000003D8		   Address of OEP = 00401E6E
		   RVA of OEP = 00001E6E

Edited June 13, 2008 by SUB Z3R0

[Ar4sh]

and me too , agree with quosego ...

people can't try manual/Handly but try and use COMPLETE UNPACKER SCRIPT for unpacking

All WORK Credit to VOLX

have phun !

Edited June 13, 2008 by Ar4sh

[Keyvanriko0]

@quosego

Yep you right but! asprotect handmode unpacking also no hard for me ; ) BR

[quosego]

Well indeed that would be the only reason why one should be allowed to use a script..

I will wait for your MUP then

quosego

[NeO]

a tut would be nice contribution

[deSreT]

after running unpacking script, what should I do for restore about stolen byte near the OEP?? can anyone explain it..thank you very much

[vinnie]

after running unpacking script, what should I do for restore about stolen byte near the OEP?? can anyone explain it..thank you very much

If you watch one of Lena151 tutorials (lesson 38 to 41), she demonstrates how to use the script and restore the stolen bytes.

Basically you dump the section that the script stops on and then append it to the fixed dump. Also with the new Volx script, you need to do some setting up. Read the included readme for details.

Edited June 23, 2008 by vinnie

[metr0]

I am currently recording a video tutorial about how to fix those stolen bytes manually, might be interesting for some one. If not, I am out of luck.

[vinnie]

I am currently recording a video tutorial about how to fix those stolen bytes manually, might be interesting for some one. If not, I am out of luck.

YAY! I am interested in it so you are full of luck. Been looking forward to your continuation of the imports tut you did for a loong time now. Asprotect stolen code has always been a weak spot for me.

Edited June 24, 2008 by vinnie

[acidflash]

I am currently recording a video tutorial about how to fix those stolen bytes manually, might be interesting for some one. If not, I am out of luck.

I'm very interested also

[thisistest]

http://www.namipan.com/d/UCHang100%e4%b8%8...b50ff8739740600

patch Aspr2.3注册框 2.3 0514版本 微笑一刀加的壳

patch Aspr2.3注册框 2.3 0514版本 微笑一刀加的壳

用到的脚本kangdy 2008 4.7更新后的脚本 这个脚本不行

脚本走到这里脚本运行窗口, 条目 4482

行号=4482

命令= bp tmp3

这里调出注册框

009DE77E 50 PUSH EAX

009DE77F A1 AC959E00 MOV EAX,DWORD PTR DS:[9E95AC]

009DE784 50 PUSH EAX

009DE785 E8 6A5FFEFF CALL 009C46F4

009DE78A 8BD8 MOV EBX,EAX

009DE78C 85DB TEST EBX,EBX

009DE78E 74 7C JE SHORT 009DE80C ？

009DE790 8D4424 04 LEA EAX,DWORD PTR SS:[ESP+4]

009DE794 50 PUSH EAX

009DE795 8D4C24 04 LEA ECX,DWORD PTR SS:[ESP+4]

009DE799 8BD3 MOV EDX,EBX

009DE79B A1 AC959E00 MOV EAX,DWORD PTR DS:[9E95AC]

009DE7A0 E8 8F62FEFF CALL 009C4A34

009DE7A5 B2 01 MOV DL,1

009DE7A7 A1 E44E9C00 MOV EAX,DWORD PTR DS:[9C4EE4]

009DE7AC E8 8F70FEFF CALL 009C5840

009DE7B1 8B15 980A9E00 MOV EDX,DWORD PTR DS:[9E0A98]

009DE7B7 8902 MOV DWORD PTR DS:[EDX],EAX

009DE7B9 A1 980A9E00 MOV EAX,DWORD PTR DS:[9E0A98]

009DE7BE 8B00 MOV EAX,DWORD PTR DS:[EAX]

009DE7C0 E8 3788FEFF CALL 009C6FFC

009DE7C5 A1 980A9E00 MOV EAX,DWORD PTR DS:[9E0A98]

009DE7CA 8B00 MOV EAX,DWORD PTR DS:[EAX]

009DE7CC 8B4C24 04 MOV ECX,DWORD PTR SS:[ESP+4]

009DE7D0 8B1424 MOV EDX,DWORD PTR SS:[ESP]

009DE7D3 E8 188BFEFF CALL 009C72F0

009DE7D8 84C0 TEST AL,AL

009DE7DA 75 0A JNZ SHORT 009DE7E6

009DE7DC 68 4CE89D00 PUSH 9DE84C ; ASCII "170

"

009DE7E1 E8 A270FDFF CALL 009B5888

009DE7E6 A1 980A9E00 MOV EAX,DWORD PTR DS:[9E0A98]

009DE7EB 8B00 MOV EAX,DWORD PTR DS:[EAX]

009DE7ED 33D2 XOR EDX,EDX

009DE7EF E8 7486FEFF CALL 009C6E68

009DE7F4 A1 980A9E00 MOV EAX,DWORD PTR DS:[9E0A98]

009DE7F9 8B00 MOV EAX,DWORD PTR DS:[EAX]

009DE7FB B1 01 MOV CL,1

009DE7FD 33D2 XOR EDX,EDX

009DE7FF E8 187BFEFF CALL 009C631C 这里调出注册框

009DE804 8B0424 MOV EAX,DWORD PTR SS:[ESP]

009DE807 E8 583DFCFF CALL 009A2564

009DE80C A1 7C0A9E00 MOV EAX,DWORD PTR DS:[9E0A7C]

009DE811 C600 DE MOV BYTE PTR DS:[EAX],0DE

009DE814 803D F4089E00 0>CMP BYTE PTR DS:[9E08F4],0

009DE81B 74 05 JE SHORT 009DE822

009DE81D E8 E2E1FFFF CALL 009DCA04

009DE822 8BC6 MOV EAX,ESI

009DE824 E8 EB43FCFF CALL 009A2C1

http://www.namipan.com/d/60056b417f4e4ec7f...000386f82792800

[HVC]

Bot ?