Results 1 to 9 of 9

Thread: Ok , first rce topic : asprotect 1.1

  1. #1
    tsehp
    Guest

    Ok , first rce topic : asprotect 1.1

    Did someone managed to reverse it or rebuild the import table ?
    I made my first attempt on the last commview's version (2.3) and finally used a process patcher coded by r!sc.
    It works fine, you just have to kill the anti softice routines and locate
    the bytes to patch. The only problem is that your crack is win9x dependent, between nt and 9x , asprotect loads at different addresses. If someone is interested, I can give more details.

    tsehp
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    Alexey Solodovnikov
    Guest
    > Did someone managed to reverse it or rebuild the import table ?

    Yep, I did.

    > If someone is interested, I can give more details

    Great! Could you send details to asprotect@aspack.com? I need for
    this info for the next version.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  3. #3
    LOL...

    I bet you did Alexey, hehehe

  4. #4
    tsehp
    Guest
    Thanks for your reply, I've sent my method to the address you provided me, and also an updated asprotect version to impeach what I found to work. Can you try to reverse it ? I plan to submit a job carrier at asprotect's team :P

    regards,

    tsehp
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  5. #5
    tsehp
    Guest

    Seriously

    Hi again,
    understand that's a reverser's board and I just can
    be such a traitor for this community
    But I have to admit that I really took some great pleasure to reverse the 1.1, it was much harder
    than the 1.05 version, for which I published an essay.
    So, congratulations, to me asprotect seems to be
    one of the most difficult to beat, but +orc said :
    If it runs it can be defeated !
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  6. #6
    Bogus
    Guest
    Import List Rebuilder:
    http://www.reversing.net/TOOLS/016/readme.htm
    http://www.reversing.net/TOOLS/016/Imp_list.zip
    if it can decrypt import - it generate import0.bin - valid import section, just insert it to dump, bla-bla-bla...
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  7. #7
    freddyk
    Guest
    OK a q on aspr 1.1 - it kills regmon when it runs, so you cant watch its registry stuff (same as in the new aspack 2.11... and he says its just updated for bugfixes - yeah right alex) - any idea how to bypass without editing aspr

    Also for 2.11 he sets up a reg key for the 30 days stuff - what variable does he use to decide this (the reg location (CLSID) changes on diff PCs)

    FK
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  8. #8
    Dr.Golova
    Guest
    for bupassing closing RegMon just change in regmon.exe their window class ("RegmonClass") and window title ("Registry Monitor - Sysinternals: www.sysinternals.com").
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  9. #9
    Solomon
    Guest
    If u are using Win9X, there is another way to bypass the RegMon check:
    try "Win-eXpose Registry" from http://www.shetef.com.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

Similar Threads

  1. Very off-topic
    By funtikar in forum Off Topic
    Replies: 8
    Last Post: March 22nd, 2010, 19:42
  2. Where did my topic go?
    By gisenberg in forum OllyDbg Support Forums
    Replies: 2
    Last Post: August 4th, 2005, 01:07
  3. you deleated my topic!
    By Anonymous in forum OllyDbg Support Forums
    Replies: 2
    Last Post: June 26th, 2003, 16:13
  4. Maybe off-topic, but...
    By hobgoblin in forum Tools of Our Trade (TOT) Messageboard
    Replies: 2
    Last Post: December 6th, 2001, 00:23
  5. Completely off topic...
    By hobgoblin in forum Malware Analysis and Unpacking Forum
    Replies: 2
    Last Post: December 4th, 2000, 06:01

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •