I'm download a program modelmaker 7.05d. it seem protectd with asprotect
but astripexp don't work with it. I using:
olly 1.09d
LordPeDeluxe (dump)
PeEditor 1.7 (change eop and seccions)

But can't get the program run! Showm a message box with a very much symbols and a referento to a dll lnpg.dll (modelmaker owner). For this I can,t use the revirgin to rebuild the IAT. What a have to do?

thanks

Use Import Reconstructor, and with the call magic, you nop, and the table will be resolved 90 %, only you can fix at hand the 10 or 11 enters of the IAT, are allways equal in all asprotects.

GetProcAdress, GetModuleHandleA, GetCommandLineA, SetHandleCount, GetVersion, GetCurrentProcessId and FreeResorce, use a program you can unpack with asprstripper and compare, th enters of the IAT, the lines of this emulated apis are always equals, or very similarity, i mede two tuts of asprotect 1.2 1.3 and the NEW ASPROTECT with ofuscated STOLEN BYTES, but are in spanish.

Ricardo

This is not a cracking board, please take your questions elsewhere.

Ricrado Narvaja: You are very naughty to help out here. This is not a cracking board - please do not post answers to cracking related questions.

Great ,i have this ploblem too,Some prog ,i can unpack and run well,but some prog still don't work .
I use Imprect to rebuild ,and trace all api call with trace level 1,and it have some invalid ,then i trace with asprotect plugin,it work well,but some prog (Cryton button 2.0)have one invalid ,i select switch to loader ,and fix dump ,but still don't work.

Ricado,It's very great if you tranlate your tut into English lang ,Yeah it' will very usefull to everyone again

the friend who translated my old tutes have the PC broken for this reason i have no posibility of decent translation in the moment.
The repair of the iat only whit the IMPREC tracing level 1, and plugins dont work, two or three apis are bad repaired.

Ricardo

For the Anonimous what post before, only unpack a program is not cracking is only unpacking, if i speak of a name of a program you have reason if mentioned how unpack a NAME of a commercial program, but never name of a comercial program has been mencioned, for this reason is not a cracking post is a unpacking post.

Ricardo

Teerayoot and Ricrado Narvaja
please do not respond/post anymore cracking related posts. i know that are not specific in howto but i dont want to loose the host again. so please be understable and keep the posts only OllyDbg related and no cracking/reversing even if it uses OllyDbg.

thanks

i´m sorry guys for mention of a program, i´m studding, packers, pe´s and other related subjects.

I use the oly with ollydmp plugin but, but when i open import reconstructor there is very many call (not only 7 to 10). What to do?

I can't answer here mail me to ricnar22@millic.com.ar and i tell you.

Ricardo Narvaja

Ricado,I 'm clue about your first reply topic(Magic jump),and i 'm not experian in unpacking ,Some how i can unpack some program ( i don't know what's version that he use asprotect),just dump prog and rebuild it .However (that i said before)some programe have one invalid (yes many many have alway have one invalid,after i trace with asprotect plugin,but some prog, imprect fonund api about 3-6 api call that plobably i may supply wrong oep )

Hmm,explain long enough.i need you help me (teach )how to manual rebuild that invalid api call) .

TBD,i will never refer or name a commercial programe again for make this board non cracking .But just a talking about reservving knowlange.


Yes,if i said mush more,U will notice that i use a broken language.
Apologize for my bad language.

Give your mail and i write in private is easy.

Ricardo

Unpacking ASProtect with Olly Debugger is a piece of cake
You may find the OEP in 30 sec... and stolen bytes too
Then go to OEP and dump
Use ImpRec to resolve APIs.
The end

Yup, Alexey makes it easy for us by using SEH (which he thinks makes it harder to reverse... ho hum

arrive to the oep step by step and dump it.
then ,you can use imprec to find the IAT for repair the file.
if you can't run it successfully,you may to resolve the APIs and relocate it,even you must find the lossed code and create a section to reload them.

BruceLee, can you send me an email to homersux2000@yahoo.com please? Thanks.