|
|
#23
06-01-2004, 14:24
|
|||
|
|||
|
TARGET: http://www.jufsoft.com/badcopy
Protection: Latest ASProtect Used Britedream's Olly script for "ASPR 1.3b" and got to OEP Without using Ollyscript I did this to get to the OEP. Hit Shift+F9 26 times and here: 0115E56E 0156 00 ADD DWORD PTR DS:[ESI],EDX Put BP here: 0115E588 833D 6C3B1601 00 CMP DWORD PTR DS:[1163B6C],0 And hit Shift+F9 and Olly breaks. Then Alt+M and put BP on memory access on code. Then Set the debugging options and hit F9 once and you are at the OEP(Remove analysis) with no stolen bytes. 00501184 55 PUSH EBP 00501185 8BEC MOV EBP,ESP 00501187 83C4 F0 ADD ESP,-10 0050118A B8 240E5000 MOV EAX,BadCopy.00500E24 0050118F E8 105EF0FF CALL BadCopy.00406FA4 Dumped the target and there were no unresolved pointers and fixed IAT and then dump file. But target wont run Error: Access violation while reading [1181B34] 00407294 $- FF25 C841C100 JMP DWORD PTR DS:[<&kernel32.>; kernel32.GetModuleFileNameA 0040729A 8BC0 MOV EAX,EAX 0040729C $- FF25 CC41C100 JMP DWORD PTR DS:[<&kernel32.>; kernel32.GetModuleHandleA 004072A2 8BC0 MOV EAX,EAX 004072A4 $ FF25 341B1801 JMP DWORD PTR DS:[1181B34] 004072AA 8BC0 MOV EAX,EAX 004072AC $- FF25 D041C100 JMP DWORD PTR DS:[<&kernel32.>; kernel32.GetProfileStringA 004072B2 8BC0 MOV EAX,EAX 004072B4 $- FF25 D441C100 JMP DWORD PTR DS:[<&kernel32.>; kernel32.GetStdHandle How to fix this plz help. Regards, 
|
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Help with ASProtect 1.23 RC4 | Perdition | General Discussion | 7 | 06-09-2004 01:48 |
| New Asprotect?? | loman | General Discussion | 7 | 02-04-2004 20:34 |
Threaded Mode