06-01-2004, 14:24
ferrari
 
TARGET: http://www.jufsoft.com/badcopy

Protection: Latest ASProtect

Used Britedream's Olly script for "ASPR 1.3b" and got to OEP.

Without using Ollyscript I did this to get to the OEP.

Hit Shift+F9 26 times and here:
0115E56E 0156 00 ADD DWORD PTR DS:[ESI],EDX

Put BP here:
0115E588 833D 6C3B1601 00 CMP DWORD PTR DS:[1163B6C],0

And hit Shift+F9 and Olly breaks. Then Alt+M and put BP on memory access on code. Then set the debugging options and hit F9 once and you are at the OEP (Remove analysis) with no stolen bytes.

00501184 55 PUSH EBP
00501185 8BEC MOV EBP,ESP
00501187 83C4 F0 ADD ESP,-10
0050118A B8 240E5000 MOV EAX,BadCopy.00500E24
0050118F E8 105EF0FF CALL BadCopy.00406FA4


Dumped the target and there were no unresolved pointers and fixed IAT and then dump file.

But target won't run.

Error: Access violation while reading [1181B34]

00407294 $- FF25 C841C100 JMP DWORD PTR DS:[<&kernel32.>; kernel32.GetModuleFileNameA
0040729A 8BC0 MOV EAX,EAX
0040729C $- FF25 CC41C100 JMP DWORD PTR DS:[<&kernel32.>; kernel32.GetModuleHandleA
004072A2 8BC0 MOV EAX,EAX
004072A4 $ FF25 341B1801 JMP DWORD PTR DS:[1181B34]
004072AA 8BC0 MOV EAX,EAX
004072AC $- FF25 D041C100 JMP DWORD PTR DS:[<&kernel32.>; kernel32.GetProfileStringA
004072B2 8BC0 MOV EAX,EAX
004072B4 $- FF25 D441C100 JMP DWORD PTR DS:[<&kernel32.>; kernel32.GetStdHandle

How to fix this? Please help.

Regards,