AIPH first public version!


GlObAl
May 16th, 2002, 18:26
Hello to everyone,
here is my ugly patcher AIPH (ASProtect Inline Patch Helper); it will support version 1.21 and higher.
At the moment there are only 2 tuts for it, but I will write more if there is any interest in it, or maybe others can write some too.


USE IT AT YOUR OWN RISK!!
I AM NOT RESPONSIBLE FOR ANY DAMAGES!!

I stole the last lines from mEtAl's ASPIP info

LOUZEW
May 16th, 2002, 19:35
Wow, very good work!

For sure, you can write tutorials, it will be very interesting!

Jon
May 16th, 2002, 21:03
gr8 work m8 GR8 WORK!!!!

10x a lot

npanic
May 18th, 2002, 19:27
Let the tuts keep coming.


BTW, very nice tool.

Solomon
May 24th, 2002, 10:11
great!

I tried it with ReGet Deluxe 3.0.121. It always crashes at address 0x77XXXXXX, which is in the kernel addr space, no matter what combination of the options I use.

hxxp://deluxe.reget.com/dl/regetdx.exe

GlObAl
May 24th, 2002, 20:19
Hello Solomon,
you are on the right way. It's really interesting: this crashing at address 0x77XXXXXX is the same thing on the newest CloneCD.
Put a bpint 3 in SoftICE and try the exe again, and you will see something interesting.

I wrote a tut for it... and yes, I know my English is really bad :x

regards...

Solomon
May 25th, 2002, 07:13
sorry GlObal, it's the crash of AIPH.exe, not the target's crash. The addr on my machine is 0x77DFFA1C, which belongs to user32.dll. The error msg box says "The instruction at 0x77DFFA1C tries to access memory 0x0000042B, which is not readable". The target has not been patched yet. My OS is Win2K Adv Server SP2 build 2195.
BTW: There are no default options set when I run AIPH.exe. That is, no checkbox is checked in the GUI when I launch it.

Thx for your tool and nice tuts

I have manually unpacked it and fully cracked it

GlObAl
May 25th, 2002, 23:48
Hello Solomon,
you are right, AIPH crashed under W2K, because I tested it only under Win98 and XP.
Here is a newer version that will run under W2K, I hope.
In this version the headpatch is 10 bytes smaller, because CrUsAdEr showed me something that I didn't see, thank you!
But with these changes the offsets in the tuts won't match anymore; you have to subtract 10 bytes.

regards

Solomon
May 26th, 2002, 06:55
Thx GlObal.

I downloaded the new version. This time AIPH.exe crashes at 0x00401464, right after it says "no enough space to patch...". Please fix it. Thx.

GlObAl
May 26th, 2002, 10:17
Hello Solomon,
I am sorry for all that, W2K really showed me how badly I code!
I hope this one will do the job...

regards...

Solomon
May 26th, 2002, 10:40
this works. Thx

Solomon
August 23rd, 2002, 13:53
hi Global,

I tried all the methods (1~6) with ReGet Deluxe v3.1 build 118. The patched file always crashes at addr 6AD8XX. And I set a BPINT3 before I launch the patched exe, but it's not hit. Would you please check it? Thx
hxxp://deluxe.reget.com/dl/regetdx.exe

BTW: I manually unpacked it and it runs well, except that it will crash on exit. Don't know why. Maybe the author uses a new trick.

Stone()
August 23rd, 2002, 14:29
I believe we can forget about it with the latest ASPR versions.

They won't run when patched with Aiph.

Reget 3.1 Build 137 was still patchable, but the final Build 138 is not.

So had to go back to unpack it and crack it in the usual way.

A new build of Aiph is needed.

BTW I have no crash on exit. Maybe some fault when adding the import section? It happened to me when doing it on ME, but not on XP.

GlObAl
August 23rd, 2002, 15:02
Hello Solomon and Stone,
first I want to tell a little story about believing and things like that.
A long time ago I read a good tut about manually unpacking aspr, and the cracker wrote in his tut that it is not possible to inline patch aspr anymore, and I believed him.
This means I hadn't tried to inline patch it, because I believed him.
Some time later my boss told me that I was a good one and he would give me more money next time, and I believed him.
I believe lots of people and what they say...

Look authors of armadillo say:
There are three Armadillo-attack programs listed there: "Armadillo Killer", "UnArmadillo", and "Armadillo Deprotector". The latter two are unpackers, the first one is a stripper; all three can only work on specific (very old) versions of Armadillo. Even on the versions they did work on, a custom build would break them; they have no chance with newer versions, even public builds of them. Does that answer your question?

That's also not true, because they can't be sure; how can I say anything when I am not sure? :~)
Now I am an old man :~) and I don't believe anyone anymore before I have tried it on my own...
This is my little story

@Solomon
ReGetDX does not use the newest version of aspr, but AIPH 1 can't handle it with one of the 6 methods, so choose 'Layer breaking method' manually and patch it with CRC and end jump.
Then close AIPH 1, open the patched exe with hiew, go to .6AD831, replace the original 3A byte with 5A and save.
Now put a bpint 3 in sice and start the exe, and you will see it's still working.

best regards...

Solomon
August 23rd, 2002, 17:04
Global,

Your AIPH is proof of using your own brains

I tried it as you said and it works. But I just wonder why change 3A to 5A? What's the meaning behind this change? I checked it with both SICE and W32dasm, can't figure it out. Can you explain it a little? Thank you for your great tool!

Stone()
August 23rd, 2002, 17:40
GlObAl, that proves you know more than all of us about Aiph and Asprotect.

Agree with Solomon: your story is nice, but a new tale about the meaning of this 3A > 5A change? How can a poor soul like me figure out something like this?

I already found out that the manual patch was the way to go, and I can only presume that the change has something to do with the Asprotect CRC check, as it said: File is corrupt.

Well at least now I've done both, unpacked and fixed, and in-line patched. Works fine now.

Please go on with the 2nd part of your story.

nofurs
August 23rd, 2002, 18:32
Hi Stone(),
You can't rely on tools for everything. Tools only help ya make life easier. Many things ya have to find out yourself.

GlObAl
August 23rd, 2002, 22:52
Hello everyone,
first you have to find the right place... open regetdx.exe with hiew and press F7 to search for the word 'kernel'.
The first one is wrong, go on searching.
_.006AD930: 5E D9 2A 00-71 D9 2A 00-00 00 00 00-00 00 00 00 ^+* q+*
_.006AD940: 6B 65 72 6E-65 6C 33 32-2E 64 6C 6C-00 00 00 47 kernel32.dll G
_.006AD950: 65 74 50 72-6F 63 41 64-64 72 65 73-73 00 00 00 etProcAddress
_.006AD960: 47 65 74 4D-6F 64 75 6C-65 48 61 6E-64 6C 65 41 GetModuleHandleA
_.006AD970: 00 00 00 4C-6F 61 64 4C-69 62 72 61-72 79 41 00 LoadLibraryA
This place is right, and it is the same in every version...
So scroll up and it will look like this:
_.006AD830: 1A 3A 53 DE-04 80 9D F1-8D 87 DC 7E-55 D1 47 75 :SÌÇØ±ìç_~UÐGu
_.006AD840: A9 9E A8 E6-C3 9F 29 6C-8F 19 AA 4C-C3 BD B8 10 ®×¿µ+ƒ)lŬL+¢©
_.006AD850: 00 00 00 00-00 00 00 00-00 00 00 00-00 00 00 00
So write the address 6AD830 or 6AD840 down on paper and close hiew.
Now use LordPE to break and enter at the start of the exe.
Put a bpx on VirtualFree, and after F12 sice will pop up; you see the virtual address where the aspr code starts.
Type u 6AD830 in Sice and you will see what I do at this place...

Yes, I know it's hard to understand, but for me it is harder to explain it well... :~)

In newer versions of aspr there is an easier way to inline patch it.


best regards...
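The "find the right kernel32 string, the first one is wrong" step in GlObAl's post is the same check a triage script makes when it looks for a packer's minimal import stub: a kernel32.dll name that is immediately followed by the loader API names the stub resolves by hand. Here is an added example (my code, not part of the post or of AIPH) that parses hiew-style dump lines like the ones quoted above and reports only the kernel32.dll occurrences that qualify; the dump text is constructed from the post, and the window size and function names are my own assumptions.

```python
import re

# Constructed sample: the hiew dump lines quoted in the post (16 bytes per line).
HIEW_DUMP = """\
_.006AD930: 5E D9 2A 00-71 D9 2A 00-00 00 00 00-00 00 00 00 ^+* q+*
_.006AD940: 6B 65 72 6E-65 6C 33 32-2E 64 6C 6C-00 00 00 47 kernel32.dll G
_.006AD950: 65 74 50 72-6F 63 41 64-64 72 65 73-73 00 00 00 etProcAddress
_.006AD960: 47 65 74 4D-6F 64 75 6C-65 48 61 6E-64 6C 65 41 GetModuleHandleA
_.006AD970: 00 00 00 4C-6F 61 64 4C-69 62 72 61-72 79 41 00 LoadLibraryA
"""

# "_.OOOOOOOO: " then 16 hex bytes separated by ' ' or '-'; the ASCII column is ignored
# because hiew renders high bytes as code-page characters that do not round-trip.
LINE_RE = re.compile(r"^_\.([0-9A-Fa-f]{8}):\s+((?:[0-9A-Fa-f]{2}[ -]){15}[0-9A-Fa-f]{2})")

# Names a packer stub needs before it can rebuild the real import table.
STUB_NAMES = [b"kernel32.dll", b"GetProcAddress", b"GetModuleHandleA", b"LoadLibraryA"]


def parse_hiew_dump(text):
    """Rebuild (base_offset, raw_bytes) from contiguous hiew dump lines."""
    base, chunks, consumed = None, [], 0
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        off = int(m.group(1), 16)
        if base is None:
            base = off
        elif off != base + consumed:
            raise ValueError("non-contiguous dump line at %#x" % off)
        chunk = bytes.fromhex(m.group(2).replace("-", "").replace(" ", ""))
        chunks.append(chunk)
        consumed += len(chunk)
    return base, b"".join(chunks)


def find_min_import_stub(blob, base=0, window=96):
    """Offsets of each NUL-terminated 'kernel32.dll' that is followed within
    `window` bytes by all the loader API names; a bare kernel32.dll string
    (the 'first one is wrong' case in the post) is not reported."""
    hits = []
    for m in re.finditer(re.escape(STUB_NAMES[0]) + b"\x00", blob):
        region = blob[m.end(): m.end() + window]
        if all(name + b"\x00" in region for name in STUB_NAMES[1:]):
            hits.append(base + m.start())
    return hits


if __name__ == "__main__":
    base, blob = parse_hiew_dump(HIEW_DUMP)
    print(["%#x" % h for h in find_min_import_stub(blob, base)])  # ['0x6ad940']
```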

Stone()
August 24th, 2002, 08:38
Thanks GlObAl.

Yes it's hard to understand and eventually I will

At least I can do something with your reply.

Yes, I've seen now what you did and why the 3A > 5A change;
not with SI, as when doing as you said (u 6AD830) I got 'invalid address'.