Log in

View Full Version : Asprotect 1.23 RC4


kik44
May 30th, 2004, 19:40
Hello

I try tu unpack files with asprotect 1.23 rc4 and when i open it, then select it at imprec, then i click on IAT Autosearch it says "Could not find anything good at this OEP! :-(" Then i put oep and try again but i have the same error.

Any idea what can i do?

naides
May 30th, 2004, 21:24
Quote:
[Originally Posted by kik44]Hello

I try tu unpack files with asprotect 1.23 rc4 and when i open it, then select it at imprec, then i click on IAT Autosearch it says "Could not find anything good at this OEP! :-(" Then i put oep and try again but i have the same error.

Any idea what can i do?


Try this:

for (int myoep= 0x40000000; myoep <= 7fffffff ; myoep ++)

{
Imprec->tryout (myoep);
if (Imprec->result_message_iatautosearch() == ("IAT found"
cout << "got it, OEP was: " << myoep << endl;
}

brutish but effective way to find the OEP .

kik44
May 31st, 2004, 04:06
i'm new with unpacking, where i put this? Excuse my noob questions i put on pluggin for olly or is only for imprec, i don't find where i need to put on imprec

jingjang
May 31st, 2004, 04:07
have same problem
Get this error to sometimes 'OEP does not match Memorry' but then i guess i must have input the wrong OEP .

naides
May 31st, 2004, 09:33
Quote:
[Originally Posted by kik44]i'm new with unpacking, where i put this? Excuse my noob questions i put on pluggin for olly or is only for imprec, i don't find where i need to put on imprec


I guess I was too cruel with my little joke. . .
There is no way to make Imprec run my BS code snippet, It was a tongue in chick way to say that a correctly identified OEP is a pivotal task to unpacking, you cannot find an OEP by ImpreC trial and error.

If ImpreC finds not valid IAT
Chances are your OEP is not correct
SO: How do you come up with the OEP of a packed program?
What is OEP in contrast with EP?
There are tons of tuts comments and posts in here and else where that deal with this issue.

silkscalp
June 3rd, 2004, 17:56
OEP : This the entry point of the program unpacked. When we have the OEP we write it instead EP after haved Dumped the programme


EP : Entry point of the program packed, the execution of the code begin here. When we have dumped the program , the OEP will be the EP for begin after the routine of unpack...

If I'm wrong tell me or precise it.... Thank's