Hi all

I am trying to reverse a prog called AZPR ver 3.51 (Advanced ZIP Passwrd Recovery). The problem is evrytime I load the prog into W32Dasm or any hex editor, the code and data dissapear! All I get in W32Dasm is a few lines describing the code and data entry points, the trouble is when I jump there, there's no code listing shown at all - just a blank grey background.
Where the hell is the prog, there has to be one because it runs OK. Bye the way, Soft Ice sees the code, but I can't patch using Soft Ice.

Anyone know what's going on here?

Any help here will be greatly appreciated.

Thanks
Hexon

Hola,

Don't get me wrong or pick it up badly, but I just read your post on +Sandman's board and believe me 'no one' knows how to reverse AZPR only one hour after SoftIce has been installed for the very first time.

AZPR is 'afaik' packed with AsPack or was it AsProtect (or am I in the woods?)? Which means you have to unpack it first before you can disassemble it with W32dasm.

Do a few more tuts first... soon you'll be ready

No hard feelings,
JimmyClif

to continue : you have to unpack it, by the way find the OEP, dump it
using icedump or procdump, then the IAT will be pointing to redirectors
or decryptors inside asprotect, so you can't disassemble this code correctly if you don't rebuild the IAT.
To learn how to do that, read some essays about asprotect, there is some on this site and interesting others at cristal's site :http://assembly.citeweb.net/

good luck,

tsehp

Thanks very much for the help +Tsehp, but I'm still a little confused. Firstly being a newbie i don't know what the OEP and IAT is?.
Also I've tried unpacking bit with AsProtect, but it does'nt seem to work! Maybe I have the wrong version.

A little more light on the subject would help. Hope I'm not becoming a nuisance, but I'm thirsty for knowledge.

Thanks
Hexon