BlackB
March 18th, 2001, 05:50
Hi there reversers,
I downloaded the newest chameleon clock (17-03-2001), and i suspect that there are some changes in ASProtect protection.
I'm not really sure what the OEiP should be.....using tracex I come out on 4AEC30....but it's a call and it does not PUSH EBP; MOV EBP, ESP as every normal app starts. However, a little bit before that instruction there is a PUSH EBP, but it gets never executed.
RVA Start: BD144
Length: 688
IT RVA: 1130000
Length: 180
It's also little bit unclear where those "set memoryflags" call is made.....there are about thousands of calls
Btw, I spoke to risc lately, and he told he gave Alexey some anti-cracking advice and he told we had to "fear", heheheh. Just mentioning ;-)
btw, tutorial on Iris/Revirgin is finished. You can view it at http://blackb.tsx.org - Tutorials section - Iris
A copy of the essay will be available soon at +tsehp's site (I hope, heh)
greets
The Blackbird aka BlackB
I downloaded the newest chameleon clock (17-03-2001), and i suspect that there are some changes in ASProtect protection.
I'm not really sure what the OEiP should be.....using tracex I come out on 4AEC30....but it's a call and it does not PUSH EBP; MOV EBP, ESP as every normal app starts. However, a little bit before that instruction there is a PUSH EBP, but it gets never executed.
RVA Start: BD144
Length: 688
IT RVA: 1130000
Length: 180
It's also little bit unclear where those "set memoryflags" call is made.....there are about thousands of calls

Btw, I spoke to risc lately, and he told he gave Alexey some anti-cracking advice and he told we had to "fear", heheheh. Just mentioning ;-)
btw, tutorial on Iris/Revirgin is finished. You can view it at http://blackb.tsx.org - Tutorials section - Iris
A copy of the essay will be available soon at +tsehp's site (I hope, heh)
greets
The Blackbird aka BlackB