p0thead
November 8th, 2004, 09:52
lo all im trying to unpack an asprotected app. PEiD recognizes it as Asprotect 1.23 RC4 - Asprotect 1.3.
i'm keeping to andreas asprotect tutorial from reteam.org.
i can nearly find everything i come to the part where the sections get decrypted (the one with the mov [edi],C3 tracer trick). but i absolutely are unable to find the procedure where the IAT is generated! (the one that starts with LODS DWORD DS:[ESI] ). i watched all seh calls and made my way through with stepping into but i just cant find it! i made a search for the opcodes and i can find a slightly changed routine. just the bytes that stands for emulated apis etc got changed) but this code never gets executed or reached ?! i tried traces etc and completely stepping to the OEP. i wondered if its maybe due to this new delphi protection APSR got coz the main program is a delphi application...
TARGET NAME AND URL REMOVED BECAUSE I'M AN IDIOT AND DIDN'T BOTHER TO READ THE FAQ.
thanx in advance...
i'm keeping to andreas asprotect tutorial from reteam.org.
i can nearly find everything i come to the part where the sections get decrypted (the one with the mov [edi],C3 tracer trick). but i absolutely are unable to find the procedure where the IAT is generated! (the one that starts with LODS DWORD DS:[ESI] ). i watched all seh calls and made my way through with stepping into but i just cant find it! i made a search for the opcodes and i can find a slightly changed routine. just the bytes that stands for emulated apis etc got changed) but this code never gets executed or reached ?! i tried traces etc and completely stepping to the OEP. i wondered if its maybe due to this new delphi protection APSR got coz the main program is a delphi application...
TARGET NAME AND URL REMOVED BECAUSE I'M AN IDIOT AND DIDN'T BOTHER TO READ THE FAQ.
thanx in advance...