Results 1 to 4 of 4

Thread: How to detect double-dip of ASPR and locate them?

  1. #1

    How to detect double-dip of ASPR and locate them?

    another how to

    I just want to find a general way to locate the double-dip of ASPR. There is no /tracex in Win2K. so did you use the tracer of RV? please share your discovery

    sometimes I find the double-dip is right after RegQueryValueExA("Key").
    :DWARNING: Shareware authors are reading your detailed discussions without paying you!:D

  2. #2
    my new hair style :) +SplAj's Avatar
    Join Date
    Feb 2001
    Location
    Afghanistan, Cuba, Iran, Iraq, Libya, North Korea, Sudan and Syria
    Posts
    373

    Lightbulb hi sol

    ...and after that you saw the call address for dip is a reference address stored a lookup table......and so lookup the lookup table in SI and see how many other addresses are around there .......note them down or 'print screen' and maybe bpx them now to check ?

    Spl/\j
    Carve my name into your arm :)

  3. #3
    thx SplAj. I will try it

    How about your legs now?
    :DWARNING: Shareware authors are reading your detailed discussions without paying you!:D

  4. #4
    Hi Solomon.

    As fox3 pointed out in some other thread, AsProtect stop at 401014 before dipping, so you can use your usual trick of bpx at iret and then set bpm 401014 x, sice should breaks there and u will find the dipping area after a weeny bit of tracing :>

    Also, you can use revirgin to note down all dip VA and set breakpoint on them when u break at 401014... that will aid tracing a bit :>...

    regards,
    Last edited by crUsAdEr; March 19th, 2002 at 14:47.

Similar Threads

  1. Replies: 1
    Last Post: June 18th, 2013, 11:59
  2. Is this possible to locate?
    By dre3 in forum The Newbie Forum
    Replies: 5
    Last Post: March 2nd, 2008, 11:42
  3. Aspr - Aspack double pack? :)
    By kandinsky in forum Malware Analysis and Unpacking Forum
    Replies: 15
    Last Post: November 28th, 2002, 03:27
  4. How to manually locate IAT start?
    By foxthree in forum Malware Analysis and Unpacking Forum
    Replies: 3
    Last Post: March 4th, 2002, 15:39
  5. How to locate Call Relocation Table in .Exe
    By EverPresent in forum Advanced Reversing and Programming
    Replies: 1
    Last Post: February 7th, 2001, 05:40

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •