Unknown ASProtect Version / AIP Question.
 

Hi,

I'm trying to unpack a program protected with an unknown version of ASProtect.

I have run it through DIE / Peid with VerA 0.15 plugin both identify it initially as: ASProtect 1.33 - 2.1 Registered -> Alexey Solodovnikov *
Upon running VerA this however changes to: Version: [ Unknown! ], Signature: [ 7DCBD2DA ], E-Mail: [ [email protected] ]

Apart from that i have been checking some tutorials about 2.4SKE and what not, and the code looks pretty identical, i arrive at OEP without much problem using the bp on GetSystemTime, trace 5 times till return, and a couple traces through VM OEP is intact and has no stolen bytes.

Here comes the problem. It's using Advanced Import Protection from the looks of things. I have around 300 import calls routed into ASPR code instead, It's no problem to find out what imports to restore but some calls have garbage code right after the import call (have found 5 so far out of around 80 i have restored)

My question therefore is how do i find this stolen code after the import call?

BTW: None of the ollyscript aspr scripts works. Halts with an error: Something Error.

Thnx in advance.