Thread: Still need help with Asprotect
View Single Post
  #12  
Old 03-14-2004, 16:04
smallfox smallfox is offline
Friend
  
Join Date: Sep 2002
Posts: 56
Rept. Given: 32
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 15
Thanks Rcvd at 5 Times in 4 Posts
smallfox Reputation: 0
britedream,

I need to the find stolen bytes

can you point out to me?

Im lost as to how many bytes were stolen and here's what ive done ...

006342AA 6300 ARPL DWORD PTR DS:[EAX],EAX
006342AC 0000 ADD BYTE PTR DS:[EAX],AL
006342AE 0000 ADD BYTE PTR DS:[EAX],AL
006342B0 0000 ADD BYTE PTR DS:[EAX],AL
006342B2 0000 ADD BYTE PTR DS:[EAX],AL
006342B4 0000 ADD BYTE PTR DS:[EAX],AL
006342B6 0000 ADD BYTE PTR DS:[EAX],AL
006342B8 0000 ADD BYTE PTR DS:[EAX],AL
006342BA 0000 ADD BYTE PTR DS:[EAX],AL
006342BC 0000 ADD BYTE PTR DS:[EAX],AL
006342BE 0000 ADD BYTE PTR DS:[EAX],AL
006342C0 E8 1B38DDFF CALL PIGUI.00407AE0
006342C5 33C0 XOR EAX,EAX
006342C7 55 PUSH EBP
006342C8 68 78476300 PUSH PIGUI.00634778
006342CD 64:FF30 PUSH DWORD PTR FS:[EAX]
006342D0 64:8920 MOV DWORD PTR FS:[EAX],ESP
006342D3 8D55 E8 LEA EDX,DWORD PTR SS:[EBP-18]




00C8C2BC F2: PREFIX REPNE: ; Superfluous prefix
00C8C2BD EB 01 JMP SHORT 00C8C2C0
00C8C2BF 9A F2EB019A EB02 CALL FAR 02EB:9A01EBF2 ; Far call
00C8C2C6 CD 20 INT 20
00C8C2C8 FF7424 1E PUSH DWORD PTR SS:[ESP+1E]
00C8C2CC 6A 74 PUSH 74
00C8C2CE 895C24 04 MOV DWORD PTR SS:[ESP+4],EBX
00C8C2D2 F2: PREFIX REPNE: ; Superfluous prefix
00C8C2D3 EB 01 JMP SHORT 00C8C2D6
00C8C2D5 F3: PREFIX REP: ; Superfluous prefix
00C8C2D6 83EC FC SUB ESP,-4
00C8C2D9 F3: PREFIX REP: ; Superfluous prefix
00C8C2DA EB 02 JMP SHORT 00C8C2DE
00C8C2DC CD 20 INT 20
00C8C2DE C1D3 9B RCL EBX,9B ; Shift constant out of range 1..31
00C8C2E1 2E:EB 02 JMP SHORT 00C8C2E6 ; Superfluous prefix
00C8C2E4 CD 20 INT 20
00C8C2E6 81EB 45478C09 SUB EBX,98C4745
00C8C2EC 3E:EB 02 JMP SHORT 00C8C2F1 ; Superfluous prefix
00C8C2EF CD 20 INT 20
00C8C2F1 81F3 553D2134 XOR EBX,34213D55
00C8C2F7 EB 01 JMP SHORT 00C8C2FA
00C8C2F9 0F26 ??? ; Unknown command
00C8C2FB EB 02 JMP SHORT 00C8C2FF
00C8C2FD CD 20 INT 20
00C8C2FF 6A F9 PUSH -7
00C8C301 2E:EB 02 JMP SHORT 00C8C306 ; Superfluous prefix
00C8C304 CD 20 INT 20
00C8C306 C74424 00 EDC2C8>MOV DWORD PTR SS:[ESP],0C8C2ED
00C8C30E 5B POP EBX
00C8C30F FF53 2C CALL DWORD PTR DS:[EBX+2C]
00C8C312 F0:69C7 E8C7F29A LOCK IMUL EAX,EDI,9AF2C7E8 ; LOCK prefix is not allowed
00C8C319 1F POP DS ; Modification of segment register
00C8C31A C3 RETN
00C8C31B C8 009AC7 ENTER 9A00,0C7
00C8C31F 5B POP EBX
00C8C320 EB 01 JMP SHORT 00C8C323
00C8C322 F3: PREFIX REP: ; Superfluous prefix
00C8C323 F2: PREFIX REPNE: ; Superfluous prefix
00C8C324 EB 01 JMP SHORT 00C8C327
00C8C326 698D 99767F8C 09>IMUL ECX,DWORD PTR SS:[EBP+8C7F7699],1EB>
00C8C330 F0:EB 01 LOCK JMP SHORT 00C8C334 ; LOCK prefix is not allowed
00C8C333 -0F8D 1C858250 JGE 514B4855
00C8C339 2BBD 36EB02CD SUB EDI,DWORD PTR SS:[EBP+CD02EB36]
00C8C33F 2083 F3945B26 AND BYTE PTR DS:[EBX+265B94F3],AL
00C8C345 EB 02 JMP SHORT 00C8C349
00C8C347 CD 20 INT 20
00C8C349 F3: PREFIX REP: ; Superfluous prefix
00C8C34A EB 02 JMP SHORT 00C8C34E
00C8C34C CD 20 INT 20
00C8C34E 55 PUSH EBP
00C8C34F FF7424 1E PUSH DWORD PTR SS:[ESP+1E]
00C8C353 896C24 04 MOV DWORD PTR SS:[ESP+4],EBP
00C8C357 F2: PREFIX REPNE: ; Superfluous prefix
00C8C358 EB 01 JMP SHORT 00C8C35B
00C8C35A -E9 8D642404 JMP 04ED27EC
00C8C35F 8BEC MOV EBP,ESP
00C8C361 33C9 XOR ECX,ECX
00C8C363 26:EB 02 JMP SHORT 00C8C368 ; Superfluous prefix
00C8C366 CD 20 INT 20
00C8C368 F3: PREFIX REP: ; Superfluous prefix
00C8C369 EB 02 JMP SHORT 00C8C36D
00C8C36B CD 20 INT 20
00C8C36D 55 PUSH EBP
00C8C36E FF7424 1E PUSH DWORD PTR SS:[ESP+1E]
00C8C372 894C24 04 MOV DWORD PTR SS:[ESP+4],ECX
Reply With Quote