|
Hi zambuka,
I am french, so excuse my bad english....
When you run a prog protected by ASProtect 1.23 RC4 - 1.3.08.24, there is an other small .exe witch is created and located in the temp folder.
This file is very temporary because it create a .bat file, "del.bat", in order to delete itself and finally delete himself too.
You can found the exact name and location of this .exe looking at the runnig threads with procdump, ollydbg or what you want.
Windows don't allow you to copy this file, but, on XP, if you set his properties to "read only", it will not be deleted by del.bat nor overwrited by the main prog next time you run it, and this is more important
Thus, you can close the main prog and disassemble the temp .exe witch is not crypted : you will see that the main use of this file is to detect a few knowed debuggers : you can patch that easily, but don't forget to leave the patched file in "read only" state before runnig the main app.
I hope this can help you...
|