Thread: How to unpack an ASProtected .dll?

  1. #1
    *RemedY*
    Guest

    How to unpack an ASProtected .dll?

    Hi there,

    I'm pretty interested in unpacking stuff and managed to unpack some minor targets so far, but this time I'm faced with a .dll protected with:
    ASProtect 1.2x - 1.3x [Registered] -> Alexey Solodovnikov
    Strangely enough, the first section identifies itself as .aspack. Anyway, my question is more general. I would like to know where to start unpacking a protected .dll. I use Olly and I tried with the loaddll feature, but I got lost at once. I simply don't know what to do with this .dll. I've unpacked ASProtect targets before but nevertheless don't know what to do now. Is there any Tut on unpacking .dlls? Any help is greatly appreciated.
    Thanks a lot in advance.

    Best regards *RemedY*
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    Quote Originally Posted by *RemedY*
    Anyway, my question is more general. I would like to know where to start unpacking a protected .dll.
    Your question is a little too general. There's a procedure here if you need help. Read the FAQ, then search the archives. You can even download them if you look at the bottom of this page.

    What I did on my first protected 'exe' unpack was to stop at the code entry point. It's the very first bytes the program executes before it initializes itself. You can get to it from the symbol loader in SoftICE, but I don't know how in Olly. Then I started single-stepping and making scads of notes, listing the addresses of important instructions, loops, etc. After a while, you see a pattern and find ways to progress quickly.

    With a dll I don't know because I've never seen a packed dll. If there is such an animal, I'm sure it's listed in the archives. If not, show you've done some work on it, and I'm sure someone will help you out.

    The only way I can see doing a totally protected dll, is to watch for it being called from the running app. Then start tracing into it and watch how it is unpacked. You could first try disassembling it in IDA to see if that reveals anything.

  3. #3
    *RemedY*
    Guest
    Hi,

    Maybe you got me a little bit wrong. I did all the things like searching the forum before I posted my question, but unfortunately I found nothing. I know the general behaviour one has to show to get an answer, but there is nothing I'm able to do with this .dll. I'm able to unpack normal ASProtected .exe files, but, as I said, this is the first time I came across a packed .dll. This is what I did so far: I let Olly break on new .dlls and stepped into the target .dll, but after one single step [which is a mov eax,dword ptr ds:[xxxxxxxx]] it leaves the .dll, steps into another and never comes back. For me, there is no obvious reason why it leaves this .dll. If I were able to do more with this .dll, I would have written it here. I need some general information regarding the procedure of unpacking a .dll.
    I hope someone is willing to help me nevertheless.
    Thanks a lot in advance.

    Best regards *RemedY*
    I promise that I have read the FAQ and tried to use the Search to answer my question.
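
Added example, not part of the thread or written by its participants: a static header check for the two things the posts mention, the .aspack section name and the code entry point. It reads PE headers without executing the file and reports whether the image is a DLL, the entry-point RVA and the section that contains it; `pe_triage`, `build_sample`, `PACKER_SECTION_NAMES` and the sample bytes are constructed for illustration.

```python
import struct

PACKER_SECTION_NAMES = {".aspack"}  # assumption: seeded only with the name seen in this thread

def pe_triage(data: bytes) -> dict:
    """Read DLL flag, entry-point RVA and section names from PE headers."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # 20-byte COFF file header follows the signature
    _mach, nsect, _ts, _sym, _nsym, opt_size, chars = struct.unpack_from(
        "<HHIIIHH", data, pe_off + 4)
    opt_off = pe_off + 24
    (entry_rva,) = struct.unpack_from("<I", data, opt_off + 16)  # AddressOfEntryPoint
    sections = []
    for i in range(nsect):  # 40-byte section headers follow the optional header
        name, vsize, vaddr, rsize = struct.unpack_from(
            "<8sIII", data, opt_off + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode("latin-1"), vaddr, max(vsize, rsize)))
    names = [n for n, _, _ in sections]
    return {
        "is_dll": bool(chars & 0x2000),  # IMAGE_FILE_DLL
        "entry_rva": entry_rva,
        "sections": names,
        "entry_section": next(
            (n for n, va, sz in sections if va <= entry_rva < va + sz), None),
        "packer_named": [n for n in names if n in PACKER_SECTION_NAMES],
    }

def build_sample() -> bytes:
    """Constructed header-only image for this demo; not a real protected file."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)  # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, 0x2102)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, 0x1001).ljust(224, b"\0")

    def sec(name: bytes, vaddr: int, size: int) -> bytes:
        return struct.pack("<8sIIII", name, size, vaddr, size, 0).ljust(40, b"\0")

    return (dos + b"PE\0\0" + coff + opt
            + sec(b".aspack", 0x1000, 0x3000) + sec(b".rsrc", 0x4000, 0x1000))

if __name__ == "__main__":
    print(pe_triage(build_sample()))
```

An entry point that falls inside a section whose name is in the packer list is a cue that the first instructions executed belong to the protector's stub rather than the original code.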
