pknight
September 12th, 2002, 06:04
Hey, I'm new to manual unpacking.. Been plugging away at unpacking an asprotected .EXE & I've had a *little* success 
I used the loader.exe (mentioned in other posts), dumped w/ ProcDump and rebuilt the IT w/ ImpREC. The unresolved API calls I resolved w/ the list evaluator posted (thnx evaluator). Revirgin didn't seem to resolve ANY API calls which was weird.. I corrected the GetVersion entry (GetCommandLineA).
The result? I have an executable that actually runs (<grin> - a first for me w/ asprotect hehe). However, if I load the .EXE in OllyDbg I get the following message:
Bad or unknown format of 32-bit executable file
If I try to use IDA, I get:
Can't find translation for virtual address 001600AC
The .EXE doesn't seem to be quite up to par yet. Any suggestions?
-pknight
PS. Is there a SuperBPM equivalent for NT SICE? I'm running SICE under XP and my breakpoints/p ret's aren't triggering
PSS. are string refs too much to hope for w/ an asprotect unpack?
(thanks in advance!)
