Inline patch or loader for Asprotec 1,24-1.3????
 

hi

I got a proggy is packed with Asprotec 1.24-1.3 and I don't know how can I make a loader (because ERROR 45) Protection Error .
Have some one a Idea??

hXXp://www.haenlein-software.de/haenlein-software/index2.php?navigation=dvr-studio-pro&s=2&unav=nav_progs&sprache=german

Many Thanks

Maybe this will help you.
hxxp://www.exetools.com/forum/showthread.php?t=2300&highlight=AsProtect+Loader+v0.b

Another tool you can try,I think it's great.

thanks

bad this still not work :-(, shit because i god many Errors :-(

ABEL Loader Maker can make asprotect loader. it patch when he find the window
of the app.

another little trick i use to make asprotect loaders:
i code a loader which wait till a value is written to memory, after the
crc check

so it look like this in asm

the_beginner:

Small lesson in proper English spelling, simply because your effor makes a word you do not intend.

You keep spelling the English word "got" (erhalten) as "god" which is the English word for Gott. Major difference. I know that in German a "d" at then end of a word can sometimes be pronounced as a "t" but that is a rather important word not to use by mistake. Verstehen? ;)

Regards,

here is an example loader code for an asprotect code:
you can find the target app here PS: My next dUP version will support this MemCheck Method. so you can create
loaders for many asprotect apps.

Will it kill the days limitation and/or executions limitations? If not, it will be useless.


kyrios

well you have to patch yourself.for me this feature is usefull,so that i can make loaders for apps with process crc checks. many asprotected apps dont use days limit or execution limit from asprotect.a lot of authors code their own registration scheme.

this "limitation and/or executions limitations" which you mean are stored in registry. you can clean them:
http://diablo2oo2.di.funpic.de/downloads/DelAsprKeys.rar

anyway asprotect is not the only one protector which has process crc checks.

i saw inline patching on ASPRed 1.31 which is pretty amaze me how they did it. I'm sure they use blacklisted key because the program run fully registered.
Advanced MP3 Catalog Pro 3.16 for instance by sthepenteh (from Ressurect team).
Another one is Astonshell 1.9 by someguy (from underPL?)
Any tool or tut will be definitely usefull for everyone else. Ofcourse tut is much more precious.


kyrios

Will it kill the days limitation and/or executions limitations? If not, it will be useless.

don't pretend a loader maker or patch maker will do everything for you.. you most find the bytes to crack the app. at the end that's all you want.. you can kill, by finding the needed bytes, time execution or time limit for any asprotect app. without any special option... have use of debugger and some dead code analisys.

i saw inline patching on ASPRed 1.31 which is pretty amaze me how they did it. I'm sure they use blacklisted key because the program run fully registered.
Advanced MP3 Catalog Pro 3.16 for instance by sthepenteh (from Ressurect team).
Another one is Astonshell 1.9 by someguy (from underPL?)
Any tool or tut will be definitely usefull for everyone else. Ofcourse tut is much more precious.

there's some new method or tool they use for asprotect 1.x-2.x
and it looks they don't even need OEP for the inline patch.... just the bytes to crack the app..... still haven't seem any info. about this maybe it's private and maybe noone who knows it will make it public to make hard time To Alexey :p

there seems to be a weekness in crc checking of aspr'd programs in the protectd/encrypted data not the code.

some crackers enject code in that area, which makes a call to certain address in which they place the required instructions.you can trace the decompression/decryption routine to see what to enject to get the required call to that address.

examples of aspr'd targets that were attacked by that method are iso commander 1.5.052,1.50.060, reget deluxe 4.1.241 (twice by tsrh and digiratti).

I spoke with stephenteh of team RES via PM to ask him about aspr method, which he also used on Gene6 FTP server, he told me he learnt method from cracks that revenge crew used hxxp://revenge.crackdb.com/ but ther is no info on there web site.

I looked at Gene6 patch, it only seems to change 4 bytes, plus change section length to include registration data, it looks to me like the encryption has broken somehow, caus the 4 bytes decrypt to different code after aspr decryption.

i am still looking for more info on this method

--
bedrock

of course that's the main idea.all you have to do is to hack the loop where the data is decompressed/decrypted, make some changes at the end of the loop, which makes the process continue for certain bytes until they reach the desired values.

@JMI
ok ok My English is very bad,but Nobody is Perfect


@diablo2oo2

Many thanks,I hope this help me


(Ich k�nnte auch Schreiben vielen Dank denn Du kommst ja auch aus dem Deutschland oder wie kommt man zu einer .de Adresse :-) )

cu

the_beginner:

Nobody is criticizing your English or suggesting it is 'bad." I simply pointed out that one small letter made a very important difference in those two words, an error which you might want not to make. :) And thanks for the offer.

Regards,

I know a tool named "AIPH" can do it.
You can search this forum or woodmann forum to get it.

hi

can someone explain How can I find the adress of hProcess for this loader?
my proggy ist protect by Asprotec 2.0 :-(

thanks

good tutorial:
http://biw.rult.at/coding/loader.htm


hProcess is part of PROCESS_INFORMATION structure. this structure is filled when you call CreateProcess. just check the tutorial ;)

Sure you can inline patch asprotect
 

in two ways , that I know, one is a perfect but harder than the other one, the second is less perfect, it misses some time but you always can re-click the target, easy, it involves only one comparison that you have to make it jump , which is so obvious that you don't even have to look for it to find it, and a jump to the oep, after that aspr is practically finished.you can patch once you are at the oep or better yet is to patch when the target is about to execute the code you are trying to change.


regards.
BriteDream

could you paste this jump location code?

I think its better to pm such things... because if you post them public the author will have it easy to find his mistake and change it...

i undersand what you mean eggi, but i think there are many who would like to understand this current method for inlining aspr targets, it seems there are only few who can do this, i for one would like to know any information that might be made available...

--
bedrock

thanks

@britedream my problem is to find the OEP :confused: ,if i find i can use diabolo's loader

cu