Thread: Newbie question ASPR 1.23 RC4 (long!)
View Single Post
  #111  
Old 02-17-2004, 07:31
JMI JMI is offline
Leader
  
Join Date: Jan 2002
Posts: 1,627
Rept. Given: 5
Rept. Rcvd 199 Times in 99 Posts
Thanks Given: 0
Thanks Rcvd at 98 Times in 96 Posts
JMI Reputation: 100-199 JMI Reputation: 100-199
Wurstgote:

I have not played with your target, but there has been much written about various techniques used by ASPR to attempt to foil the efforts of the "honest crackers." One of those techniques is the process of setting points in the original program that attempt to jump off into parts of the ASPR code or, sometime, might even move part of the original code into the area of the ASPR code. Generally these are called "dips" but often they send the program off to addresses usually "above" the normal code range of the original exe, into the code range where ASPR is/was found.

The point of the exercise is that when you remove the ASPR wrapper around the exe, by dumping, you might no longer have access to these "dips" or they might have changed or moved necessary data and, unless you dump at the right time or fix the reference in the exe,which send the program off looking at these locations, you will get an error and your program will not work correctly. I believe, generally, that is what is being discussed.

Regards,
__________________
JMI
Reply With Quote