I have tried to write unpacker for aspr.I guess %40 is done.I have documented IAT loader.I wont work on this unpacker for a long time.I need to concentrate on my finals.
Play with it.Hope you like it.

Hi LaptoniC!

Whassup mate? I cant believe you are gonna stop your secret project Like with girls, you shouldnt stop things in the middle (bad for your brain after a long while)

I just want to give you some strength to continue with your project, cos you have done a very good work till now

Regards,
Ni2

Damn.. :>>>...

Lapto, you beat me to it :>... decided to code a decryptor instead so that i can learn some crypto along the way... does your dump or decrypt the target? And did you find out what the last emu API is? I never seen it being used though...

Anyway, i hope Alex doesnt take it too hard, cos now that AsProtected is really useless, with your unpacker and GLOBAL's inline patcher, it is rendered useless... hopefully he will come up with a brand new AsProtect 2.0 for us to play with, it is nice to reverse clean code... though obfuscated... wonder when he will release THE version that kills both Revirgin and ImPrec as he promises...

tiil then, good luck for ur exams Lapto... /me need lots of luck too :>>
crUsAdEr

If you dump at first getprocaddress of IAT loader you will have clean.exe which wont have any aspr dips without iat ofcourse.Because I hook gpa you can build the import table I guess.
Yes I found the emulated apis.Last one is DllFunctionCall from vb.Everything else in source code and notes.txt.

Yeah that is what i did initially in my dumper... patch the IAt mangling routine to build it instead of mangling it :>... then dump from there...

but guess my coding skill is too crap... as you have seen, the loader doesnt seem very stable... hence i decide to do a safer one which decrypt the file without running it... thus learn the algo along the way...

nice, who could have guessed that DllFunctionCall :>... thanx for the info...

very good idea LaptoniC..congrats
DllFunctionCall? hum, I never saw VB applications protected by aspr=/

>>at least ! there is about 1 year and half I wait for this moment

always remember those words : if it runs it can be defeated...

+orc memories.

tsehp

I think, PcGuard 4.04d, 4.05d already killed Revirgin & Imprec.

amois:
I really doubt that it's true...as far as I know pcguard can't even trick icedumps it rebuilder.

Hi, anyone can tell me what's
GLOBAL inline patcher?, if it makes asprotect useless, i want it.

(i cannot find it in google).

Greets.

look at:

Tools of our Trade (AIPH)


....Asprotect is not useless, is a good prog. But it seems, that the shareware-programmer aren't able to use the good features of Asprotect...

ciao
SilberFuchs