
View Full Version : ASProtect 1.3B Stolen code Finder


loveboom
April 6th, 2004, 04:46
/*
//////////////////////////////////////////////////
ASProtect 1.3B Stolen code Finder v0.1
Author: loveboom
Email : bmd2chen@tom.com
OS : Win2kADV sp2,OllyDbg 1.1b,OllyScript v0.62
Date : 2004-4-6
Config: Ignore all Exceptions except "Memory access violation",Hide Ollydbg.
Note : If you have any questions, please email me. Thank you!
//////////////////////////////////////////////////
*/

// Purpose (per the header and the final cmt below): walk the debuggee through
// the protector's exception sequence and stop at the point where the analyst
// reconstructs the "stolen" entry-point code before dumping.
// run/esto/sti let the debuggee execute natively between stops.
// OllyScript numeric literals are hexadecimal.
var eval // entry ESP minus 4, captured in mod1; lbl9 compares EBP against it
var eaddr // scratch: findop offset in start, then current EIP in lbl2
var faddr // scratch: findop offset in lbl3, then the breakpoint address in lbl4
var evalue // dword read from memory at EIP (lbl2)
var pvalue // EBP snapshot: hardware-breakpoint address (lbl5), then EBP-eval (lbl9)
var ismodt // 1 = "mode 2" (EB 01 found at eip+2 on entry), 0 = "mode 1"

// Mode detection: find the first instruction starting with bytes EB 01 from
// EIP onward. eaddr = $RESULT - eip - 2 is zero only when that instruction
// sits exactly 2 bytes past EIP, which selects mode 2.
// NOTE(review): $RESULT is not checked for 0 (not found); in that case eaddr
// is non-zero and the script takes the mod1 path.
start:
findop eip,#EB01#
mov eaddr,$RESULT
sub eaddr,eip
sub eaddr,2
cmp eaddr,0
jne mod1
mov ismodt,1

// Mode 2 entry; reached only by fall-through from start (nothing jumps here).
mod2:
jmp lbl1

// Mode 1 entry (also the eob target set in jmod2): clear the mode flag and
// record ESP-4 as the value lbl9 later waits for in EBP.
// NOTE(review): presumably ESP-4 is what EBP holds after a
// "push ebp / mov ebp,esp" prologue run from this stack level - confirm.
mod1:
mov ismodt,0
mov eval,esp
sub eval,4
run

// Register lbl2 as the on-exception handler, then resume with the exception
// passed to the program (esto = Shift+F9).
lbl1:
eoe lbl2
esto


// Signature test at the exception address: sub followed by cmp is equal only
// when the dword at EIP is 9EC80063 (8F640031 + 0F640032). Any other value
// loops back to lbl1 and passes the next exception.
// NOTE(review): a reply in this thread questions this constant pair; the
// arithmetic above is what the two lines compute as written.
lbl2:
mov eaddr,eip
mov evalue,[eaddr]
sub evalue,8F640031
cmp evalue,0F640032
je lbl3
jmp lbl1

// Second test: the first instruction starting with C3 (ret) from EIP must
// exist and lie exactly 3D bytes past EIP; otherwise keep passing exceptions.
lbl3:
findop eip,#C3#
cmp $RESULT,0
je lbl1
mov faddr,$RESULT
sub faddr,eip
sub faddr,3D
cmp faddr,0
je lbl4
jmp lbl1

// Mode dispatch. Mode 2 goes to jmod2. Mode 1 sets a breakpoint on the ret
// located in lbl3 ($RESULT is still that findop result) and resumes, with
// lbl5 as the on-breakpoint target.
lbl4:
cmp ismodt,0
jne jmod2
mov faddr,$RESULT
eob lbl5
bp faddr
esto

// At the ret: drop the software breakpoint and place a hardware read
// breakpoint on the address currently held in EBP, then run.
// NOTE(review): no eob is set for lbl6 here; a reply in this thread reports
// the script cannot finish because of that. Whether execution continues into
// lbl6 or re-enters lbl5 depends on how this OllyScript version treats an
// eob target that has already fired - confirm before relying on it.
lbl5:
bc faddr
mov pvalue,ebp
bphws pvalue,"r"
run

// Clear the hardware breakpoint, then break on the next instruction starting
// with C2 08 00 (ret 8) found from EIP.
// NOTE(review): $RESULT is not checked for 0 before bp.
lbl6:
bphwc pvalue
findop eip,#C20800#
bp $RESULT
eob lbl7
run

// $RESULT is still the address from the findop in lbl6.
lbl7:
bc $RESULT

// Single-step (sti = step into) one instruction at a time; lbl9 runs after
// each step.
lbl8:
eob lbl9
sti

// Stop stepping once EBP equals the ESP-4 value recorded in mod1.
lbl9:
mov pvalue,ebp
sub pvalue,eval
cmp pvalue,0
je lblend
jmp lbl8

// Annotate the current EIP in the disassembly, show the credit box, and end
// the script.
lblend:
cmt eip,"Now please fix stolen code,and then dumped it!"
msg "Script by loveboom[DFCG],Thank you for using my script!"
ret

// Mode 2 continuation: pass the exception and, on the next breakpoint, go to
// mod1. mod1 clears ismodt, so the next pass through lbl4 takes the mode-1
// path.
jmod2:
eob mod1
esto

Anonymous
April 6th, 2004, 08:51
not working on Reg1aid,protected by asprotect 1.23

loveboom
April 6th, 2004, 21:54
Anonymous
not working on Reg1aid,protected by asprotect 1.23
This script is for ASProtect 1.3b, not 1.23.

Anonymous
April 7th, 2004, 04:46
will you please tell which program is protected with 1.3b, in the protector homepage only 1.23 is mentioned.

loveboom
April 7th, 2004, 22:07
Anonymous
in the protector homepage only 1.23 is mentioned.
Yes, www.aspack.com only lists v1.23 RC4, but if you are a registered user you can get ASPr 1.3b. AlfaClock V1.61 Beta and c32asm are protected by ASPr 1.3b. I think my script for ASPr 1.3b can help you!

Anonymous
April 7th, 2004, 23:51
Grateful to you , Thanks a lot.

Anonymous
April 9th, 2004, 12:05
it only works with win2k ?

Anonymous
August 21st, 2004, 06:26
I have a Question.
Is the Asprotect 1.3b in the RPG Maker Xp?

shERis
August 25th, 2004, 21:35
Hi loveboom!
I tried your script and found the following:
1. eob lbl6 is missing. I assume it must be in lbl5 part. The script cannot be finished successfully.
2. sub evalue,8F640031
cmp evalue,0F640032
seems very strange. I assume you search for a special sequence of commands. Perhaps it must be cmp evalue,0 ?

Please correct the script.
Thanx
~hERi~

Anonymous
September 15th, 2004, 01:29
hey can anyone help me unpack a program packed with aspr 1.3?please add me at naomikx@hotmail.com or send me a mail to h3r4in@gmail.com