I'm working on a program that appears to be packed with AsPack, but none of the unpackers work sucessfully.
So, I've tried working through it a little at a time.
It has some fairly good SoftIce detection that I've not been able to find - it either just halts the machine with a totally blank, black screen (if I3HERE ON) or causes a page fault in the kernel (if I3HERE OFF).
However, it runs OK under TRW2000.
Well, I've been single stepping through all the disguised JMPs, relocated encrypted code, and other crap, and I eventually end up at an INT 30 which seems to execute the program if I let it go ahead. If I trace into the INT 30 I never seem to reach the actual program code. In truth there's actually EIGHTEEN INT 30 calls which seem to involve stepping into FindClose (!!) and Kernel32!ORD_0001.
I confess to being at the limit of my technical ability on this one and would appreciate any help that you'd care to offer.

PS the general structure of the program is -
start executing around 5BE000-setting up code in high memory, then pass control to 1270000 which contains more code relocation and all the "tricky bits".
Then finally the program itself which executes in the normal 400000 area.

Even though a post like this, having any resemblance of the poster actually having read the FAQ, would be quite an unheard of thread-starter in the unpacking forum, you might have more luck with this subject among all the unpacking freaks there. Not that most people don't actually read all the forums, but anyway, you never know. Not that it's not welcome in this forum too, I'm just saying...

Nice reply, so much.. and yet so little.

Getting a bit cocky just because you have to fight the same polar bears as one of the admins when getting to work in the morning, are we? Stay on topic!

maybe this is a new aspr. trick and it's not aspack... PM the target.. i would like to see it

Oooops......sorry.........I meant asprotect.
cRk, I've PM'd the target to you.

Regards, Len

Delta: There are no poalrebears in Sweden! Why does eveyone think that?

lenwuk: Have you tried asprDebugger? It might help you on your way.

lol, calm down dude.. he was just kidding

Harding:
Kanske för att plikttrogna svenskar som jag och SvensK gör vårt bästa för att hålla liv i dessa rykten, så att vi inte ska bli invaderade av galna amerikaner om de väl skulle märka hur fint och fridfullt det faktiskt är här... eller nått. Btw, svara inte något på svenska i detta forum, man får bara prata engelska, och det är bara admins som får bryta mot reglerna.

Btw, asprDebugger is a fine product of Sweden too...

Hi!

Don't believe a word they're saying, I definitely have polarbears in my backyard! I can see them now, chasing my neighbour up a tree...

btw, asprdbgr, was pretty ok , but I have done some stupid untested changes to it, from lack of time, and also alexey has finally made some interresting changes to his packer, that ruins my app completely...

It would require some time reversing/beating/testing that I don't have...
(Though it might not be SO hard...)

In fact I'm completely off cracking/reversing now, though I can't resist lurking here, from time to time...

/Manko

Manko ?

Are you serious about bears, can you make some photos and send me. I'd like to see them.

Have you tried that I sent you (no IAT with ASPR)

Download next

Post Smile

from w.w.w.PostSmile.com , same trick there.

Zilot

Of course he's serious about the bears, here's a picture I just took in my back yard (they can get kinda lazy sometimes after eating a neighbor or two, and that's when you sneak out to work).

This is one of the best thing I saw on this forum...................

Thanks Delta for this remarkable picture, excellent !!!!!!!!!!

Now I have what to show to my neighbours, they will be surprised how situation can be serious when they don't pay attention when go out to get some wood for fire....

How life can be weird........but always brings some new excitings, you are meeting new friends (white ones in this case) with lot of weird stories....

Så jag kommer bli "flammad" (?) för detta då? ;-)

So there are some swedes out there who know about RE. I thought it was just
russians and spaniards that did that :-)

Shhh, that's what we _want_ them to think...

im not thinking its a feature, its a bug nothing more compatibility error from Aspr to software. out

lenwuk!!!

I read you post & remember myself as newbie! (
Because same thing was happend with me..

OK, that happens, because you are going from
assprs Exception Handler & then code goes into VMM..

You need: learn, how works Exception Handling in Win,
so then you will now, where continues program execution.

***
& upper of my post resides 1T helpfull reversing info!?