tsehp
December 3rd, 2000, 06:31
The new tool I'm building finally succeeded to remove an asprotect 1.05 on commview 2.3, the good new is that this was made without
touching anything concerning asprotect, meaning that now the program can virtually unprotect every past, actual and I hope for a long time future versions. The tool could also unprotect *every*
iat-protected scheme based targets.
Actually, it's on beta version with arthaxerxes and el Caracol, they're helping me to finalize the product.
But, I plan to publicly release it when it will be perfect and hard to defeat, for that to be done, I need a guy that is able to code in assembly some tracing functions.
Precisely : The function should work on ring 0, my c++ compiled app
feed the function with : -thread or proc id
-starting address to trace, this address is a thunkslot, the program must be forced to go here when the function is called
-low and high EIP to report, meaning that the tracer returns the address where it finally lands if its between those high and low addresses.
Then if possible, the program is restored to it's original state, to allow us to trace another address.
I know this is hard to implement, this feature is almost already constructed in icedump's latest version, my problem is that I would like to release the tool ASAP, so this could speed up a lot the final part of this project.
If someone is able & interested to code this, email me directly at
tsehp@yahoo.com
best regards,
Tsehp
touching anything concerning asprotect, meaning that now the program can virtually unprotect every past, actual and I hope for a long time future versions. The tool could also unprotect *every*
iat-protected scheme based targets.
Actually, it's on beta version with arthaxerxes and el Caracol, they're helping me to finalize the product.
But, I plan to publicly release it when it will be perfect and hard to defeat, for that to be done, I need a guy that is able to code in assembly some tracing functions.
Precisely : The function should work on ring 0, my c++ compiled app
feed the function with : -thread or proc id
-starting address to trace, this address is a thunkslot, the program must be forced to go here when the function is called
-low and high EIP to report, meaning that the tracer returns the address where it finally lands if its between those high and low addresses.
Then if possible, the program is restored to it's original state, to allow us to trace another address.
I know this is hard to implement, this feature is almost already constructed in icedump's latest version, my problem is that I would like to release the tool ASAP, so this could speed up a lot the final part of this project.
If someone is able & interested to code this, email me directly at
tsehp@yahoo.com
best regards,
Tsehp