wbe
March 9th, 2002, 23:06
POW! Another one bites the dust.
This is the first time I see a VB6 app (VoptXP v7, http://***.vopt.com) protected with Asprotect. I thought it would be a challenge to try deprotecting it and immediately started unpacking. I found OEiP, dumped, fixed and rebuilt (OEP: 00007A54, IATRVA: 00001000, IATSize: 00000290). However, all finished in 3 minutes time. The invalid module (MSVBVM60.dll) had all its 163 functions properly seated in place after an Autotrace, leaving me nothing but pushing the fix dump button. No fun! Deprotected app runs as usual now, except complaining about an "unexpected error" which requires a little tracing, later.
The question is, how could this happen? Why didn't aspr played its usual API, DD tricks, etc., on this one? There was an aspacked asprotect.dll residing in the app's folder. However, the app runs well without it.
Did anyone have a similar experience?
Thanks.
This is the first time I see a VB6 app (VoptXP v7, http://***.vopt.com) protected with Asprotect. I thought it would be a challenge to try deprotecting it and immediately started unpacking. I found OEiP, dumped, fixed and rebuilt (OEP: 00007A54, IATRVA: 00001000, IATSize: 00000290). However, all finished in 3 minutes time. The invalid module (MSVBVM60.dll) had all its 163 functions properly seated in place after an Autotrace, leaving me nothing but pushing the fix dump button. No fun! Deprotected app runs as usual now, except complaining about an "unexpected error" which requires a little tracing, later.
The question is, how could this happen? Why didn't aspr played its usual API, DD tricks, etc., on this one? There was an aspacked asprotect.dll residing in the app's folder. However, the app runs well without it.
Did anyone have a similar experience?
Thanks.
...
...and no D-D cos ThunkMain does everything so aspr can only 'pack' it ?