
View Full Version : Asprotect 1.31 Build 04.27


Computer_Angel
May 17th, 2004, 12:43
Has anyone tried to unpack it yet? Many things are new!
A lot is different from 1.23 RC4 and I'm stuck now.
You can try to unpack the download to know what is different.

Uradox
May 19th, 2004, 04:30
Quote:
[Originally Posted by Computer_Angel] Has anyone tried to unpack it yet? Many things are new!
A lot is different from 1.23 RC4 and I'm stuck now.
You can try to unpack the download to know what is different.

I guess it's a lot different if you strictly rely on methods you learn from tutorials... some mechanics are new but nothing changes for me except an additional step at getting imports ;\

MEPHiST0
May 19th, 2004, 18:49
/me pinches ura

I'm checking it out.. appears to be different..
is that a bpx check I see? getting an error when a bpx is left on IsDebuggerPresent.. >:|

looks the same, not much different at all...
OEP is 401000...

just trace till the PUSH 0C.. set a bpx on the push 0c..
don't BPX the RETN down there.. because it gets obfuscated and the RETN isn't executed..
there will be one more retn in that process, f7 that.. and it adds up OEP like normal ASPR...

let's see about the IAT..
haven't got it resolved yet!...

what's that extra step?

:X!

JMI
May 19th, 2004, 22:05
There is a companion thread on exetools regarding this file. You will find it at:

http://www.exetools.com/forum/showthread.php?t=4294

Regards,

MEPHiST0
May 20th, 2004, 14:36
hi JMI..

wondering if you can get me added to members on ExeTools forums?

I'd like to respond to some of the threads over there.. but it seems the forum's registration is locked..

JMI
May 20th, 2004, 15:12
MEPHiST0:

Read my first post in this thread and then you would already know the answer to your question.

http://www.woodmann.com/forum/showthread.php?t=5915

The relevant part is:

"Again, I do not make these policies, so there is no point in sending me a PM complaining about such things, or asking me to do something about them, or asking that I get you or a friend a membership."


Regards,

Uradox
May 20th, 2004, 16:37
my exetools account seems dead now, been so long since I used it anyway.
That extra step was patching some shit when aspr builds the imports and then doing a dump of the table.
Imprec was dead in this case so manually was the answer :|
I'll probably tell u in the *other* place

dELTA
May 20th, 2004, 17:04
What is "the other place" if I may ask, considering that you just said your exetools account was dead (and hence you cannot post there)?

JMI
May 20th, 2004, 18:17
MEPHiST0:

Exetools is open for READING by guest/unregistered, so there should be no reason why you could not at least READ the companion post there on this unpackme.

Regards,

MEPHiST0
May 20th, 2004, 22:46
sorry JMI, i did not mean for it to sound like complaining..

i just want to be a part of exetools forums as well as woodmann forums

Uradox
May 21st, 2004, 22:41
sorry i only mean an ircd somewhere

SpeKKeL
May 24th, 2004, 14:30
Hey, this version brings something to play again (just like some years ago....)

I wonder how many APIs Alex. has pre-coded! Or has he coded some smart generation routine which cuts and pastes the used APIs..... .
It looks like some other packer which also took some bytes from the used API
and pasted them in its own routine before calling/jumping to the API location some bytes further... .
Think it has all to do with preventing us from using our semi-automatic toolsssss (bye, bye imprec___)
h'...mmm how should we patch all those jmps now??? :hmm:
Let's wait till his "final" release

SpeKK.

crUsAdEr
May 24th, 2004, 14:38
spekkel: u r forgetting Imprec supports plugins... Imprec will still own Asprotect anytime

SpeKKeL
May 24th, 2004, 14:48
Yep i know all about plugins......................... .

But giving the IAT info (RVA) here will give some problems, won't it?
(did you try it?)
Problem: imprec doesn't recognize the addresses like [xxxxxxxx].
A plugin could indeed be made if you give the right tracing address.
btw there are calls which go straight to aspr code and calls to jmps (in the main exe) which will lead to the aspr code.

SpeKK.

crUsAdEr
May 24th, 2004, 17:10
Quote:
Yep i know all about plugins......................... .


lol... of course I know that ... u might not remember but u were the one who introduced me to imprec plugins ... can't remember if u even sent me some source code...

just that unless aspr can do worse than "import table elimination" by armadillo... imprec will do just fine, of course some manual work is required...