View Full Version : working on a packed file


NikDH
November 30th, 2000, 13:49
hi to all
I'm working on a file protected by ASProtect.
When I disasm it with IDA it shows me only a little piece of the decryption routine.
Some of that is encrypted by xoring it with a number.
I'd like to know if it's possible to write an idc file that acts on the idb file for xoring those bytes so I can look at them.
I know it's possible to dump them from mem when they r decrypted but doing so they r not in the idb file.
I hope u can help me
Tnx
See ya

tsehp
December 3rd, 2000, 12:01
hi,
bad and long way to succeed.
You have to dump your target and before that locate the prog's original entry point.
The main problem with ASProtect is that this protection scheme modifies the target's IAT a lot; you have to find a way to fix it.
This was already done by several crackers, do a local search here on asprotect and you will find the essays.
I will release in the future my tool to unprotect this very easily, but you have to master the pe-file structure and unpacking skills before using it.
regards,

tsehp

NikDH
December 3rd, 2000, 18:37
Well, at the moment I only want to study the prog by dumping it and disasming it, and even if the IAT is destroyed I've no problem studying the file.