johndoe1
February 29th, 2004, 14:48
hi,
I tried to look this question up, but I didn't find it yet.
I want to patch an ASPR-protected app.
Because of the CRC checking of the packed exe,
I decided to try to create a loader using R!SC Process Patcher.
In a tutorial for R!SC Process Patcher it says:
----------------
First patch: ASPR protection checks the byte @ 57d31b; if it's 0, it
calls CreateProcess and uses WriteProcessMemory to put a '2' @ that
RVA, so it knows it has re-created itself, thus voiding any loader
handles, and calls ExitProcess to let the new one run..
------------------
I think this '@ 57d31b' is different on various versions of ASPR.
But.. now my problem:
this ASPR has an anti-loader feature that does not work at the same RVA.
I mean if I have a loader start the packed exe.. the exe creates a new thread
starting itself again, thus avoiding the loader...
How can I bypass that???
How can I find out which RVA to WriteProcessMemory to??
grtz, JohnDoe1