I am having problems unpacking a program again. The protected program I am trying to unpack is AATools: AATools v5.92 Build 1610
homepage http://www.glocksoft.com/aatools.htm
The protector it uses is ASProtect, but the problem is I am not sure which version. I used PEiD and then based on what it told me, I went looking for a MUP tut or an auto unpacker. I spent a while playing around and following different guides. After messing around for a while I tried using the older version of PEiD just to make sure it is really ASProtect, but when I checked it, it was recognised as a different version.
So I checked it with some other tools as well and this is what I saw:
Quote:
PEiD v0.93: ASProtect 1.2x - 1.3x [Registered] -> Alexey Solodovnikov
PEiD v0.94: ASProtect 2.1x SKE -> Alexey Solodovnikov
pe-scan 3.31 (3.13 the writing is messed up): no recognised packer/encryptor found
ProtectionID5.1f: ASProtect v2.2 detected
RDG Packer Detector v0.6.4 Beta R-1: ASProtect v2.xx
STUD_PE v2.3.0.1 (detects the same as v2.2.5.0): ASProtect 1.2x [New Strain] -> Alexey Solodovnikov
Exeinfo PE version 0.0.1.4 a: ASprotect 2.1 ( www.aspack.com/asprotect.htm )
GT2 0.35: Not processed/created with any known program
PFS beta 0.11: ASProtect v1.2x (New Strain)
aPE.public.version_0.1.0beta_release: ASProtect 1.x - 2.x /SKE/
PE Tools v1.5 Build 400 (xmas edition): ASProtect v1.2x (New Strain)
I also checked it with a few others which either recognised it incorrectly or couldn't recognise it at all. I don't know the exact version so it is hard finding a guide to unpack it.
The closest I have got is using a guide written in Vietnamese. I can't remember where I got this guide originally. It might have even been from this forum, but I will upload it to this thread so that if anybody can help me, they don't have to go looking for it.
--------------------------
I think I explained enough so far to let you know my situation. I'll tell you where I currently am.
I open AATools in Olly with the 2 plugins and scripts in the same directory as Olly. I also have my exceptions configured like they are configured in the picture. I run the IAT fixer script and when that is finished and it tells me the import tables are fixed, I click ALT + M and then set a breakpoint on memory access on the line underneath "PE Header", I press F9 and dump the file.
(Little note: you need to run the IAT fixing script with ODbgScript, not OllyScript, otherwise it will give an error about BPHWCALL.)
I open the file in ImpREC and then click IAT autosearch, then get imports. It finds that most of them are correct, but 2 are wrong. So I choose "Show Invalid" and on the invalid thunks I right click and choose "Plugin Tracers" -> "ASPR2", which is the ASPR2 plugin that comes with the tutorial.
It says they are fixed, but when I click fix dump and it saves the file, I run the file and the file doesn't work :P
So I don't know what to do, or what I am doing wrong.
Please help me, if you want any more information just ask.