View Full Version : Question on coding a patcher...


foxthree
September 8th, 2002, 16:36
Hi PPl:

Firstly, Hiya +SplAj guru Glad to see you're back ... Now thingz get interesting ...

Okay, I've managed to "fix" an application so that it is completely unpacked and regged. Now what I want to do is to make a patch for it.

But the packer is our fav. ASPR and the proggie itself is doing a lot of CRC checks of code. I have all the original CRC bytes and need to poke them into memory using a loader.

My idea is as follows:

(1) Break at the OEP of the proggie (After ASPR does its job)
(2) Alloc Memory in the Target app and write original CRC values
(3) Modify the CRC checker code to read this CRC values instead of computing it
(4) Regg the application (Memory writes)

I've written the loader using the Debugger approach and it works perfectly fine. I am able to break at the OEP (after ASPR does its work), so now I just have to poke the correct CRC values. But the question is where do I store these values. I tried to call VirtualAllocEx but it fails with error code = 120 (This Op. is valid only on Win32??? whatever that means )

Can somebody help??? I believe AIPH is used to make patches for ASPRed apps. But I tried with the latest AIPH version and it fails.

Also, can I create a section and write the CRC values there? If yes, is there a library out there that can add sections to a PE file programmatically? I did find some sample code on Icz.'s web site but it doesn't work on the target (ASPR says File Corrupt )

Signed,
-- FoxThree

hack3r2k
September 8th, 2002, 22:03
Try to visit : http://y0da.cjb.net (Code snippets section)

best regards,
.:hack3r2k:.

+SplAj
September 9th, 2002, 09:03
Hi Fox3

that's a nice challenge you set yourself. However, let's review the reason for doing it.

1) You unpack and rebuild a target
2) You fix the annoying bugs made by programmer
3) You have no HD space left on your 120GB IBM ATA100 HD (too much mpeg pron)
4) You need to discard your 3 meg exe and revert to using original 800k exe but need to patch it with loader/in-line.
5) you try GlObals AIPH (but it fails on your target)
6) you want to re-invent wheel......STOP!

Then let's ask GlObal for his assistance (if he has some spare time). He spent a lot of hours studying aspr codewoods to create his application. He generously gave us a release version to play with. So we should try and develop it, team work blah blah, the nice way

It just needs a 'Yureka' event for us mere 'unpackers' to get into his in-liner code and understand AIPH and make it work for ANY target. (but really you have to manually unpack/rebuild, because how to fix bugs otherwise?)

NB
==
If ANYONE is considering releasing lame-ass-patches-for-the-masses then /ME == NOT interested.

disavowed
September 9th, 2002, 14:29
Quote:
Originally posted by +SplAj
3) You have no HD space left on your 120GB IBM ATA100 HD (too much mpeg pron)

foxthree: solution to that problem of yours: use the new windows media 9 series video encoder:
"The new WMV 9 creates high quality video for streaming, download-and-play, and physical format delivery, with a 15-50 percent compression improvement over WMV 8 (the highest gains occur at the highest bit rates). This means that a WMV 9 file is typically only half the size of a MPEG-4 file of comparable quality."
(from http://www.microsoft.com/windows/windowsmedia/9series/encoder/quality.asp)

that should help solve the problem you have of having your porn take up too much hd space, like you said

Solomon
September 9th, 2002, 15:06
hehe, I guess fox3 means dealing with CV 3.

If so, we can put the hash values at the entry point of MD5Update( ). This is a very long procedure and it is called only by the crc check routine. So there is enough space to hold the hash.

+SplAj
September 9th, 2002, 15:28
Tamos product unpackers

If you use the 'SV Black-Box' system it uses only 90 (Dec) bytes to fool the CRC loop in CV3.4

I thought we discussed this already?

I did review that CV3.4 thread and let out a big sighhhhhh, no further comment here.

Disa,

does WMV 9 make horse dick == midgey's dick ??? I would not want to go blind following the action

foxthree
September 9th, 2002, 19:44
Hiya +Splaj guru:

I think you misunderstood me. Me wanna make a patch so that I need not repeat the same exercise for Win9x and Win2K (rebuild IT and paste etc...). Since I unpacked in NT, I wanna make it work without much ado under Win9x too. That's why. I *NEVER* release patches for the lame-ass-public

Also, I tried both Solomon's and your SV-Black-Box method, +SplAj, and both "ROCK" absolutely.

BTW, Solomon, nice guess and you're right, and yipppeee my lil' loader works like a charm on both Win9x and Win2K on the latest CV 3.4.243

In Eval's words, ALLA FINITA COMMVIEW COMEDIA

Thanks +Splaj for your rather humorous comments, and disa, u too.

I'll be seeing you "gurus" around

Signed,
-- FoxThree

PS: +SplAj guru, check ur PM