Hi,
Somebody please help me on finding the correct OEP from ASProtected software.

Here's the program:
<deleted> K.

I only need tut on how you find the correct OEP. I will configure myself on how to rebuild the IT later.

2ng program :
<deleted> K.

TIA,
Shopping_Guide

as above

Not bad(=very good) idea for finding OEP is:

1. Determine compiler type
2. Search for OEP according to same compiler-compiled-executeble.

Greetings,

I'm interested about it too, had read some postings about OEPfinder, which finds it but too late seems to me when the app is loaded i can;t figure out how were the registers set before jumping, thanks rebased OEP the address is discarded on next launch ;(, anyhow I'd be glad to hear some advice if I can somehow misuse ;-) the address since the oepfinder is the far fastest way to find it

Another solution I know use /tracex in icedump but is very slow, or, Tracer in RV, but it crashes on my system.

With ReGet deluxe 3.0 (124)

i did this:

BPX GetVolumeInformationA
F11 1 time
F12 4 times
BC*
/TraceX 400000 61,ff,e0
Wait about 8 secs, and then CTRL+D
F10 1 time
BPX on the instruction right under the jnz
/TraceX 400000 eip-8
/TraceX 400000 eip-8

Now you are at the OEP.

BTW i just finished a tut on "inlining" Reget Deluxe 3.0 (124), so if anybody are interested then let me know.

Thanks for the tips for finding the OEP on reget,

definantly interesting in seeing your tut on inline patching it

Okay here is the tut, but i have to warn you, it's not a real inlining, because i still got no luck with the aspr crc checks.

BTW my way it's NOT a clean way to do it.

not difficult to find OEP of ASPR(or other packers) if u know how to by-pass their anti-tracing SEH structures. Latest ASPR uses about 30 SEHs.

If you use Win2k, revirgin can trace that puppy right down. Use the "tracer" feature, it is fast and awesome.

-nt20

Hello everyone,
imo is the loader.exe from the anti*racksite the best soulution for newer ASPRotect. It will show you all things in few secounds also the OEP

Dear Alexy,
you have fix the free space after the layers in your new ASPR versions. It was an nice idea but you have open a nother big door 5 bytes :~)
So my new AIPH version has only 3 Buttons, Open, Patch and Exit.
Maybe you can fix it before i make it public :>

Best regards...

hahaha - alexey will love you!

figugegl

Good to hear that a new version is in the works, now that I managed to in-line patch my beloved Asprotect apps.

Works like a charm for apps like Reget 133, but indeed the move to fix the free space was somehow limiting at first sight, but there's now enough new one to jump to.