Exetools - ASPR: stolen bytes neccessary?!

Exetools (https://forum.exetools.com/index.php)

- General Discussion (https://forum.exetools.com/forumdisplay.php?f=2)

- - ASPR: stolen bytes neccessary?! (https://forum.exetools.com/showthread.php?t=2915)

MaRKuS-DJM

11-04-2003 21:41

ASPR: stolen bytes neccessary?!

i've unpacked many aps with asprotect now... and now i've a question...

do i really need the stolen bytes? i've written this to the oep, and the apps worked without any stolen bytes...
push ebp
mov ebp, esp
add esp,-010
mov eax,******* <<<< this is only if i've found a eax-value

the apps worked so far... no problems...

Squidge

11-05-2003 07:23

A lot of the time I find that the actual stolen bytes are simply parts of the standard startup code for a certain compiler, so once you know what it's been compiled with, it's normally easy to replace the stolen bytes by simply copying and pasting from another program compiled in the same way. Certainly easier than trying to find the original bytes, and much faster :)

WhoCares

11-05-2003 09:13

Re: ASPR: stolen bytes neccessary?!

coz those bytes you mentioned is just to set up the stack frame and reserve some space for local variables. No need to restore the stack coz this procedure will never return due to ExitProcess/TerminateProcess call.

Quote:

Originally posted by MaRKuS-DJM
i've unpacked many aps with asprotect now... and now i've a question...

do i really need the stolen bytes? i've written this to the oep, and the apps worked without any stolen bytes...
push ebp
mov ebp, esp
add esp,-010
mov eax,******* <<<< this is only if i've found a eax-value

the apps worked so far... no problems...

All times are GMT +8. The time now is 10:23.