View Full Version : some thoughts/questions regarding asprotect


magistral
August 24th, 2002, 05:01
These last days I've been trying to unpack asprotect protected programs.

I've seen that both rv and imprec fail to resolve all the APIs (without applying the asprotect plugin). (BTW, the plugin always fails on at least 1 API and resolves it wrong.)

Those unresolved/bad APIs are (in most cases) these:

D8133C GetModuleHandleA
D8139C GetCommandLineA
D813B4 LockResourceA
D81358 GetVersion
D81390 GetCurrentProcessId
D81388 GetCurrentProcess
D813C4 GetVersion or FreeResource

The addresses are the pointers in the application that rv/imprec cannot resolve. Of course those addresses are from 1 particular application, but I've seen that in a lot of applications, the pointer always ends in the last 4 values, e.g.: 133C, 139C, ..., 13C4.
Maybe aspr has some pattern in emulating the APIs.

I've seen in aspr that it is always 1 pointer = 1 API call.
But what will happen when Alexey just makes a redirection algo that puts 1 pointer = n API calls?
What kind of solutions will we have? Will we have to emulate the APIs in the unpacked exe?
That is a good point to start investigating, before Alexey.

Hey Alexey, start to improve aspr, u lazy.

greets.

evaluator
August 24th, 2002, 05:11
WE WILL...
WE WILL...
ROCK YOU..