Thread: Newbie needs help

  1. #1
    oh12vn
    Guest

    Newbie needs help

    I spent two days hopelessly trying to unpack this stupid program Chronograph 3.1 from {http://www.altrixsoft.com/} but can't find its OEP.

    PE ID says that it was packed by ASProtect 1.23 RC4 Demo.
    Image Base 00400000, EP: 1000.
    But when I traced the prog using Olly, addresses change from 007xxxxx to 003xxxxx. I don't know where the OEP is.

    I supposed that there are some probs with the PE header, but when I tried to modify it, PE editor tools keep saying that the file (or the PE header) is read only.

    Can anybody help me? Since I'm new here, if any probs, just tell me and I'll fix it.

    Please answer ASAP, I really want to see the solution (or hint) of this prog.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    Try the "Search" button

  3. #3
    JackD
    Guest

    Asap!

    Wow! OK - ASAP!
    The OEP is 00401990.
    Now what?

  4. #4
    oh12vn
    Guest
    Of course I searched before asking, but all I can find are tuts which mention ASProtect, and how to unpack it the normal way. No tut has covered the thing I want to ask.

    The thing here is so different. I traced the whole program but can't find its OEP. Like I said in the last post, it changes the EIP from 7xxxxxx to 3xxxxxxx. I already tried to dump, but unsuccessfully. When I used the Olly Dump plugin, EIP is 3xxxxxx, but in EIP to OEP, it displays like FBxxxx.

    I hope any of you can help me with this.

  5. #5
    oh12vn
    Guest
    I bet that JackD used PE ID; that prog told me the same thing, but you can never reach 401990 before the whole program loads. And in fact, I've never reached that EIP. That's exactly what I want to ask.

    Is 401990 the real OEP? How to reach there?

  6. #6
    stanley white
    Guest
    Yes.... OEP is 401990

    If you use Labba's tut and ImpRec you can unpack this baby in 10 min or so ... I just unpacked it to check, and there's nothing new to this ASPR as far as I can see...

    The only hurdle I see for newbies is that the plugin for ImpRec doesn't support ASPR 1.23 RC4... I might do a plugin for 1.23 RC4 if I get the time !!

    Read Labba's tut. It answers most of the basic questions about ASPR ... It also answers your question on how to reach OEP !!

    Stan
    Last edited by stanley white; November 19th, 2003 at 10:19.

  7. #7
    hobferret
    Registered User
    Yo oh12vn

    Saw this on Wednesday and had a go - as Stanley White says it's easy although I used SI and then another go with TRW - cos I ain't got XP any more HDD crashed!

    In both SI and TRW break on any API then set BPX 00401990 and guess what it stops

    The IAT is simple too - as said on this forum many times B4 the IAT is mostly alphabetical. However 4 the lazy I will put the sequence here:

    wininet.dll
    InternetCrackUrlA

    advapi32.dll
    AdjustTokenPrivileges
    LookupPrivilegeValueA
    OpenProcessToken
    RegCloseKey
    RegConnectRegistryA
    RegCreateKeyExA
    RegDeleteKeyA
    RegDeleteValueA
    RegEnumKeyExA
    RegEnumValueA
    RegFlushKey
    RegOpenKeyA
    RegOpenKeyExA
    RegQueryInfoKeyA
    RegQueryValueExA
    RegSetValueExA

    kernel32.dll
    CloseHandle
    CompareStringA
    CreateDirectoryA
    CreateEventA
    CreateFileA
    CreateMutexA
    CreateProcessA
    CreateThread
    DeleteCriticalSection
    DeleteFileA
    DosDateTimeToFileTime
    EnterCriticalSection
    EnumCalendarInfoA
    ExitProcess
    ExitThread
    ExpandEnvironmentStringsA
    FileTimeToDosDateTime
    FileTimeToLocalFileTime
    FileTimeToSystemTime
    FindClose
    FindFirstFileA
    FindNextFileA
    FindResourceA
    FlushFileBuffers
    FormatMessageA
    FreeLibrary
    FreeResource
    GetACP
    GetCPInfo
    GetCommandLineA
    GetComputerNameA
    GetCurrentDirectoryA
    GetCurrentProcess
    GetCurrentProcessId
    GetCurrentThread
    GetCurrentThreadId
    GetDateFormatA
    GetDiskFreeSpaceA
    GetDriveTypeA
    GetEnvironmentStrings
    GetEnvironmentVariableA
    GetExitCodeThread
    GetFileAttributesA
    GetFileSize
    GetFileTime
    GetFileType
    GetFullPathNameA
    GetLastError
    GetLocalTime
    GetLocaleInfoA
    GetModuleFileNameA
    GetModuleHandleA
    GetOEMCP
    GetPriorityClass
    GetPrivateProfileStringA
    GetProcAddress
    GetProcessHeap
    GetProfileStringA
    GetShortPathNameA
    GetStartupInfoA
    GetStdHandle
    GetStringTypeExA
    GetStringTypeW
    GetSystemDirectoryA
    GetSystemInfo
    GetSystemTime
    GetSystemTimeAsFileTime
    GetTempPathA
    GetThreadLocale
    GetThreadPriority
    GetTickCount
    GetTimeFormatA
    GetTimeZoneInformation
    GetVersion
    GetVersionExA
    GetWindowsDirectoryA
    GlobalAddAtomA
    GlobalAlloc
    GlobalDeleteAtom
    GlobalFindAtomA
    GlobalFree
    GlobalHandle
    GlobalLock
    GlobalReAlloc
    GlobalSize
    GlobalUnlock
    HeapAlloc
    HeapFree
    InitializeCriticalSection
    InterlockedDecrement
    InterlockedExchange
    InterlockedIncrement
    LCMapStringA
    LeaveCriticalSection
    LoadLibraryA
    LoadLibraryExA
    LoadResource
    LocalAlloc
    LocalFree
    LockResource
    MulDiv
    MultiByteToWideChar
    QueryPerformanceCounter
    QueryPerformanceFrequency
    RaiseException
    ReadFile
    RemoveDirectoryA
    ResetEvent
    ResumeThread
    RtlUnwind
    SetConsoleCtrlHandler
    SetCurrentDirectoryA
    SetEndOfFile
    SetEnvironmentVariableA
    SetErrorMode
    SetEvent
    SetFilePointer
    SetFileTime
    SetHandleCount
    SetLastError
    SetPriorityClass
    SetSystemTime
    SetThreadLocale
    SetThreadPriority
    SizeofResource
    Sleep
    SleepEx
    SuspendThread
    SystemTimeToFileTime
    TlsAlloc
    TlsFree
    TlsGetValue
    TlsSetValue
    UnhandledExceptionFilter
    VirtualAlloc
    VirtualFree
    VirtualProtect
    VirtualQuery
    WaitForSingleObject
    WideCharToMultiByte
    WinExec
    WriteFile
    WritePrivateProfileStringA
    lstrcmpA
    lstrcpyA
    lstrcpynA
    lstrlenA

    version.dll
    GetFileVersionInfoA
    GetFileVersionInfoSizeA
    VerQueryValueA

    wsock32.dll
    WSAAsyncGetHostByName
    WSAAsyncGetServByName
    WSAAsyncSelect
    WSACancelAsyncRequest
    WSACancelBlockingCall
    WSACleanup
    WSAGetLastError
    WSAIsBlocking
    WSAStartup
    accept
    closesocket
    connect
    gethostbyname
    gethostname
    getservbyname
    getsockopt
    htons
    inet_addr
    inet_ntoa
    ioctlsocket
    listen
    ntohs
    recv
    select
    send
    setsockopt
    socket
    bind

    winspool.drv
    ClosePrinter
    DocumentPropertiesA
    EnumPrintersA
    OpenPrinterA

    comctl32.dll
    ImageList_Add
    ImageList_BeginDrag
    ImageList_Create
    ImageList_Destroy
    ImageList_DragEnter
    ImageList_DragLeave
    ImageList_DragMove
    ImageList_DragShowNolock
    ImageList_Draw
    ImageList_DrawEx
    ImageList_EndDrag
    ImageList_GetBkColor
    ImageList_GetDragImage
    ImageList_GetIcon
    ImageList_GetIconSize
    ImageList_GetImageCount
    ImageList_Read
    ImageList_Remove
    ImageList_Replace
    ImageList_ReplaceIcon
    ImageList_SetBkColor
    ImageList_SetDragCursorImage
    ImageList_SetIconSize
    ImageList_SetOverlayImage
    ImageList_Write
    InitCommonControls

    gdi32.dll
    Arc
    BitBlt
    CombineRgn
    CopyEnhMetaFileA
    CreateBitmap
    CreateBrushIndirect
    CreateCompatibleBitmap
    CreateCompatibleDC
    CreateDCA
    CreateDIBSection
    CreateDIBitmap
    CreateFontIndirectA
    CreateHalftonePalette
    CreateICA
    CreatePalette
    CreatePatternBrush
    CreatePen
    CreatePenIndirect
    CreatePolygonRgn
    CreateRectRgn
    CreateRectRgnIndirect
    CreateSolidBrush
    DeleteDC
    DeleteEnhMetaFile
    DeleteObject
    Ellipse
    EndDoc
    EndPage
    ExcludeClipRect
    ExtCreatePen
    ExtCreateRegion
    ExtFloodFill
    ExtTextOutA
    ExtTextOutW
    FillRgn
    GdiFlush
    GetBitmapBits
    GetBkColor
    GetBrushOrgEx
    GetCharacterPlacementW
    GetClipBox
    GetCurrentPositionEx
    GetDCOrgEx
    GetDIBColorTable
    GetDIBits
    GetDeviceCaps
    GetEnhMetaFileBits
    GetEnhMetaFileHeader
    GetEnhMetaFilePaletteEntries
    GetMapMode
    GetNearestColor
    GetObjectA
    GetPaletteEntries
    GetPixel
    GetRgnBox
    GetStockObject
    GetSystemPaletteEntries
    GetTextColor
    GetTextExtentExPointW
    GetTextExtentPoint32A
    GetTextExtentPoint32W
    GetTextMetricsA
    GetWinMetaFileBits
    GetWindowOrgEx
    IntersectClipRect
    LineTo
    MaskBlt
    MoveToEx
    PatBlt
    Pie
    PlayEnhMetaFile
    PolyPolyline
    Polygon
    Polyline
    RealizePalette
    RectVisible
    Rectangle
    RestoreDC
    SaveDC
    SelectClipRgn
    SelectObject
    SelectPalette
    SetAbortProc
    SetBkColor
    SetBkMode
    SetBrushOrgEx
    SetDIBColorTable
    SetDIBits
    SetEnhMetaFileBits
    SetMapMode
    SetPixel
    SetROP2
    SetStretchBltMode
    SetTextAlign
    SetTextColor
    SetViewportExtEx
    SetViewportOrgEx
    SetWinMetaFileBits
    SetWindowExtEx
    SetWindowOrgEx
    StartDocA
    StartPage
    StretchBlt
    TextOutA
    TextOutW
    UnrealizeObject

    shell32.dll
    DragAcceptFiles
    DragQueryFile
    DragQueryPoint
    SHGetDesktopFolder
    SHGetFileInfo
    SHGetMalloc
    SHGetSpecialFolderLocation
    ShellExecuteA
    ShellExecuteEx
    Shell_NotifyIcon
    SHGetPathFromIDList

    user32.dll
    ActivateKeyboardLayout
    AdjustWindowRectEx
    AppendMenuA
    BeginDeferWindowPos
    BeginPaint
    CallNextHookEx
    CallWindowProcA
    CharLowerA
    CharLowerBuffA
    CharNextA
    CharToOemA
    CharUpperA
    CharUpperBuffA
    CheckMenuItem
    ChildWindowFromPoint
    ClientToScreen
    ClipCursor
    CloseClipboard
    CopyIcon
    CreateCaret
    CreateIcon
    CreateMenu
    CreatePopupMenu
    CreateWindowExA
    DefFrameProcA
    DefMDIChildProcA
    DefWindowProcA
    DeferWindowPos
    DeleteMenu
    DestroyCaret
    DestroyCursor
    DestroyIcon
    DestroyMenu
    DestroyWindow
    DispatchMessageA
    DrawEdge
    DrawFocusRect
    DrawFrameControl
    DrawIcon
    DrawIconEx
    DrawMenuBar
    DrawTextA
    DrawTextExA
    DrawTextW
    EmptyClipboard
    EnableMenuItem
    EnableScrollBar
    EnableWindow
    EndDeferWindowPos
    EndPaint
    EnumChildWindows
    EnumClipboardFormats
    EnumThreadWindows
    EnumWindow
    EqualRect
    FillRect
    FindWindowA
    FindWindowExA
    FrameRect
    GetActiveWindow
    GetAsyncKeyState
    GetCapture
    GetCaretPos
    GetClassInfoA
    GetClassNameA
    GetClientRect
    GetClipboardData
    GetCursor
    GetCursorPos
    GetDC
    GetDCEx
    GetDesktopWindow
    GetDoubleClickTime
    GetFocus
    GetForegroundWindow
    GetIconInfo
    GetKeyNameTextA
    GetKeyState
    GetKeyboardLayout
    GetKeyboardLayoutList
    GetKeyboardState
    GetKeyboardType
    GetLastActivePopup
    GetMenu
    GetMenuItemCount
    GetMenuItemID
    GetMenuItemInfoA
    GetMenuState
    GetMenuStringA
    GetMessagePos
    GetMessageTime
    GetParent
    GetPropA
    GetScrollInfo
    GetScrollPos
    GetScrollRange
    GetSubMenu
    GetSysColorBrush
    GetSystemMenu
    GetSystemMetrics
    GetTabbedTextExtentA
    GetTopWindow
    GetUpdateRect
    GetWindow
    GetWindowDC
    GetWindowLongA
    GetWindowPlacement
    GetWindowRect
    GetWindowTextA
    GetWindowThreadProcessId
    HideCaret
    InflateRect
    InsertMenuA
    InsertMenuItemA
    IntersectRect
    InvalidateRect
    InvalidateRgn
    InvertRect
    IsCharAlphaA
    IsCharAlphaNumericA
    IsChild
    IsClipboardFormatAvailable
    IsDialogMessageA
    IsIconic
    IsRectEmpty
    IsWindow
    IsWindowEnabled
    IsWindowVisible
    IsZoomed
    KillTimer
    LoadBitmapA
    LoadCursorA
    LoadIconA
    LoadImageA
    LoadKeyboardLayoutA
    LoadMenuA
    LoadStringA
    MapVirtualKeyA
    MapWindowPoints
    MessageBeep
    MessageBoxA
    MsgWaitForMultipleObjects
    OemToCharA
    OffsetRect
    OpenClipboard
    PeekMessageA
    PostMessageA
    PostQuitMessage
    PtInRect
    RedrawWindow
    RegisterClassA
    RegisterClipboardFormatA
    RegisterWindowMessageA
    ReleaseCapture
    ReleaseDC
    RemoveMenu
    RemovePropA
    ScreenToClient
    ScrollWindow
    ScrollWindowEx
    SendMessageA
    SendMessageTimeoutA
    SetActiveWindow
    SetCapture
    SetCaretPos
    SetClassLongA
    SetClipboardData
    SetCursor
    SetFocus
    SetForegroundWindow
    SetKeyboardState
    SetMenu
    SetMenuItemInfoA
    SetParent
    SetPropA
    SetRect
    SetRectEmpty
    SetScrollInfo
    SetScrollPos
    SetScrollRange
    SetTimer
    SetWindowLongA
    SetWindowPlacement
    SetWindowPos
    SetWindowRgn
    SetWindowTextA
    SetWindowsHookExA
    ShowCaret
    ShowCursor
    ShowOwnedPopups
    ShowScrollBar
    ShowWindow
    SystemParametersInfoA
    TrackPopupMenu
    TranslateMDISysAccel
    TranslateMessage
    UnhookWindowsHookEx
    UnionRect
    UnregisterClassA
    UpdateWindow
    ValidateRect
    WaitMessage
    WinHelpA
    WindowFromPoint
    keybd_event
    wsprintfA
    GetSysColor

    winmm.dll
    PlaySoundA
    sndPlaySoundA
    timeGetTime
    timeKillEvent
    timeSetEvent

    imm32.dll
    ImmGetCompositionStringA
    ImmGetContext
    ImmReleaseContext
    ImmSetCompositionFontA
    ImmSetCompositionWindow

    ole32.dll
    CoCreateGuid
    CoInitialize
    CoTaskMemFree
    CoUninitialize
    StringFromGUID2

    oleaut32.dll
    GetErrorInfo
    SafeArrayCreate
    SafeArrayGetElement
    SafeArrayGetLBound
    SafeArrayGetUBound
    SafeArrayPtrOfIndex
    SafeArrayPutElement
    SafeArrayRedim
    SysAllocStringLen
    SysFreeString
    SysReAllocStringLen
    SysStringLen
    VarBoolFromStr
    VarBstrFromBool
    VarBstrFromCy
    VarBstrFromDate
    VarCyFromStr
    VarDateFromStr
    VarI4FromStr
    VarNeg
    VarNot
    VarR8FromStr
    VariantChangeTypeEx
    VariantClear
    VariantCopy
    VariantCopyInd
    VariantInit

    Hope this helps you !!!!!

    /hobferret

  8. #8
    drizz
    Registered User
    hello to all!

    my first post here.

    i'm learning asprotect these days (i've been using automatic removers until none worked)
    i've made this plugin for imprec 1.6 last night (very hasty) surely has bugs and flaws
    but maybe someone can improve it (for ASProtect 1.23 RC4 - 1.3.08.24 only)

    i'm also coding some debugger/loader like Manko's but it sucks

    Last edited by drizz; November 21st, 2003 at 17:43.

  9. #9
    hobferret
    Registered User
    Quote Originally Posted by drizz
    hello to all!

    my first post here.

    i'm learning asprotect these days (i've been using automatic removers until none worked)
    i've made this plugin for imprec 1.6 last night (very hasty) surely has bugs and flaws
    but maybe someone can improve it (for ASProtect 1.23 RC4 - 1.3.08.24 only)

    i'm also coding some debugger/loader like Manko's but it sucks

    Hi drizz welcome to the board

    Don't wanna sound sarcastic but it would help if you attached your file so we may take a look at what you have done

    /hobferret

    Thanx for the attachment!

    /hobferret 11/21/03
    Last edited by hobferret; November 21st, 2003 at 17:47.

  10. #10
    drizz
    Registered User
    Quote Originally Posted by hobferret
    Hi drizz welcome to the board

    Don't wanna sound sarcastic but it would help if you attached your file so we may take a look at what you have done

    /hobferret
    hi hobferret, damn im new and i was using opera with "refuse popup windows"
    and when i clicked alldone, the page just closed......
