Thread: Tried unpacking DVDIdle Pro - AsProtect
View Single Post
  #40  
Old 03-25-2004, 18:47
britedream britedream is offline
Friend
  
Join Date: Jun 2002
Posts: 436
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 0
Thanks Rcvd at 7 Times in 7 Posts
britedream Reputation: 0
these are the errors area I had, if you fix them it will run:

1-
004043AE /74 0F JE SHORT dvd_.004043BF
004043B0 |50 PUSH EAX
004043B1 |E8 90AB0100 CALL <JMP.&msvcrt.strlen>
004043B6 |. |85C0 TEST EAX,EAX
004043B8 |. |59 POP ECX ; dvd_.0040352D
004043B9 |. |76 04 JBE SHORT dvd_.004043BF
004043BB |. |33C0 XOR EAX,EAX
004043BD |. |40 INC EAX
004043BE |. |C3 RETN
004043BF |> \33C0 XOR EAX,EAX
004043C1 \. C3 RETN

2-
00401770 . 8975 FC MOV DWORD PTR SS:[EBP-4],ESI ; dvd_.0042C0F0
00401773 . FF35 28214200 PUSH DWORD PTR DS:[<&kernel32.CreateThre>; kernel32.CreateThread
00401779 . B8 D8A44200 MOV EAX,dvd_.0042A4D8
0040177E . FFD0 CALL NEAR EAX
00401780 . EB 0F JMP SHORT dvd_.00401791

this is what I had and fixed.

now the strange thing I found , in fixed dump at the oep which working with no problem so far, I did check the iat to see if it is well, I found out that around four addresses has been over written, so I changed importrec option from create new iat, to rebuild original, that corrected the problem. so please check the iat made by asprotect unpacker I am curious to see.
Last edited by britedream; 03-25-2004 at 18:53.
Reply With Quote