hi all dedicated members out there.
sorry for bothering but i'm facing difficulty in unpacking asprotect.PEid shows asprotect 2.xx.I've read some tuts for hints regarding asprotect,but cudn't make the head or tail of them.i've problem finding out the actual oep of the unprotected app.i employ the usual break on code section just before the last exception.but it lands on some crap obfuscated code.and, can anybody tell me what exactly are hidden bytes and how to restore them.i hope someone throws light on how to get the original oep.waiting for replies...

Quite a bit of work has been done on the 2.x version over at the ARTeam site, (see the bottom of the page), you might want to take a look over there, working with ver. 2.x can be a real pain or joy depending on your interests, good luck!

SiGiNT

Did you do a right click in the code window then "Analysis" then "Analyse Code"? (or control A)

I'm working on a similar problem which brought me to this thread. After analyzing so it looks like something, I dumped (knowing it was fu) then PEiD'ed the dump. PEiD recognizes the entry of the dump so I'm thinking maybe there are no stolen bytes. (in my case maybe not yours) Then again I'm pretty green at this so that theory could be all wrong too.

If you have any info on re-building th IAT would you share it with me?

mcnorth.

Try tuts4you.com. They posted 3 ASProtect 2 tutorials that may help.

Good luck,
mcnorth

Show us some code (without target name).