View Full Version : asprotect 2.0x working tut?
jmp dword ptr [xxxxxxxx]
call xxxxxxxx (high mem)
* Reference To: msvbvm60.EVENT_SINK_Release, Ord:0192h
|
:00404B2A FF25C4114000 Jmp dword ptr [004011C4]
* Reference To: msvbvm60.GetMemStr, Ord:012Fh
|
:00404B30 FF25F0104000 Jmp dword ptr [004010F0]
* Reference To: msvbvm60.PutMemStr, Ord:0135h
|
:00404B36 FF251C114000 Jmp dword ptr [0040111C]
:00404B3C E8BFB4F500 call 01360000 <-- looks ripped
:00404B41 84E8 test al, ch
:00404B43 B9B4F500F9 mov ecx, F900F5B4
* Reference To: msvbvm60.EVENT_SINK_GetIDsOfNames, Ord:0193h
|
:00404B48 FF2500104000 Jmp dword ptr [00401000]
* Reference To: msvbvm60.EVENT_SINK_Invoke, Ord:0194h
|
:00404B4E FF254C104000 Jmp dword ptr [0040104C]
* Reference To: msvbvm60.GetMemEvent, Ord:013Fh
|
:00404B54 FF2520124000 Jmp dword ptr [00401220]
* Reference To: msvbvm60.PutMemEvent, Ord:0140h
|
:00404B5A FF25B8124000 Jmp dword ptr [004012B8]
* Reference To: msvbvm60.__vbaChkstk, Ord:00B6h
|
:004226FE E8AD1FFEFF Call 004046B0
:00422703 53 push ebx
:00422704 56 push esi
:00422705 57 push edi
:00422706 8965E8 mov dword ptr [ebp-18], esp
:00422709 C745EC40134000 mov [ebp-14], 00401340
:00422710 C745F000000000 mov [ebp-10], 00000000
:00422717 C745F400000000 mov [ebp-0C], 00000000
:0042271E C745FC01000000 mov [ebp-04], 00000001
:00422725 C745FC02000000 mov [ebp-04], 00000002
:0042272C 6AFF push FFFFFFFF
:0042272E E8CDD8F300 call 01360000 <-- ripped
:00422733 94 xchg eax,esp
:00422734 C745FC03000000 mov [ebp-04], 00000003
:0042273B C78524FFFFFF00000000 mov dword ptr [ebp+FFFFFF24], 00000000
:00422745 C7851CFFFFFF0B000000 mov dword ptr [ebp+FFFFFF1C], 0000000B
:0042274F 8D951CFFFFFF lea edx, dword ptr [ebp+FFFFFF1C]
:00422755 8D4DD0 lea ecx, dword ptr [ebp-30]
:00422758 E8A3D8F300 call 01360000 <-- ripped here
:0042275D E5C7 in ax, C7
:0042275F 45 inc ebp
:00422760 FC cld
:00422761 0400 add al, 00
:00422763 0000 add byte ptr [eax], al
:00422765 833D24D0460000 cmp dword ptr [0046D024], 00000000
:0042276C 751C jne 0042278A
:0042276E 6824D04600 push 0046D024
:00422773 68B0DC4000 push 0040DCB0
:00422778 E883D8F300 call 01360000 <-- more ripping..
IsDebuggerPresent is properly hidden of course.