Quote:
|
Originally Posted by winndy
Code:
003F4858 55 push ebp ; HFFR.0045C3FC
003F4859 8BEC mov ebp,esp
003F485B 83C4 B4 add esp,-4C
003F485E B8 38473F00 mov eax,3F4738
003F4863 E8 B007FFFF call 003E5018
003F4868 E8 A3EAFEFF call 003E3310
003F486D 8D40 00 lea eax,dword ptr ds:[eax]
|
This is just asprotect virtual .exe extracted by aspr itself into memory, same as secure.dll in armadillo. All protection is in it, so dumping it and analyzing it is a good way to understand how asprotect works.
That's at least my approach on every asprotected target.