I did download all aspack scripts but not support this program aspack212
how can I unpack this programs

http://www.billybear4kids.com/BigCatRescue/ColoringBook/BigCatColorboo k.exe
("http://www.billybear4kids.com/BigCatRescue/ColoringBook/BigCatColorbook.exe
")

http://www.billybear4kids.com/PrimateRescue/ColoringBook/MonkeyColorbo ok.exe ("http://www.billybear4kids.com/PrimateRescue/ColoringBook/MonkeyColorbook.exe")

Hit F7
In dump Hit CTRL+G and type ESP,
hightlight first 2 bytes , and set a BP hardware on access on word
Hit F9,
Hit F7 3 times....you are at OEP

CTRL+G and type ESP, this key not work
error unknown identifier

there are hundreds of tuts of aspack is a protection defeated long time ago, download a tut and unpack is very easy.
And is not type ESP, in the register windows in ESP you right click and FOLLOW IN DUMP, and in the dump window mark the bytes (can be 2 bytes or 4 bytes is the same and put a hardware breakpoint on access, and RUN, when the program stop you are very close to oep trace with f7 twp or three lines and you are in the oep.

Ricardo Narvaja

thanks for help
I can't not unpack and dump because this program extract a dll plug in.

I did used lordpe (dump) and improc 1.6 (dump fix)
but not run my dumped exe

how can I correct dump and unpack

thanks

well is difficult say without look the error of the dumped .

Ricardo Narvaja

I have a similar problem with DLLs too.

I tried to use the simple way with aspackdie (unknown algo 3).
(But it seems that it could not be load using loadlibrary. In RVA there seems to be some mistakes i think)

Anyway, tried to use ollydebug with an aspack script. Found OEP and RVA. Dumping using Olly doesnīt work because of unreadable memory. Using Lordpe and correcting OEP doesnīt work. => not a win32 executable.... *grrr*

In every tut thereīs only the OEP correction but the import sections seems to be okay so far. whatīs about the relocate table? It seems to be unnecessary?

you need use IMPORT RECONSTRUCTOR to fix iat, is similar to an exe.

Ricardo

hi guys i have the same problem but with another prog but pack with aspack 2.12
can some help me please
the prog nam eis photo2dvd studio 3.2.0.6
thanks u

you need use IMPORT RECONSTRUCTOR to fix iat, is similar to an exe.
I used Import Reconstructor but it seems that there are some relocations not correct. Even if i use aspackdie instead of manual unpacking. (aspackdie gives unknown algorithm 3 but seems to work, aspack 2.12b - dll).

The dll can be loaded once but after freelib and new loadlib it crashes while accessing undefined memory area!!

So whatīs about this "relocations" the aspack 2.12-dll unpackscript shows? Do i have to change something more than Import Table?

Regards..

I have same problem.

Script findīs right OEP but not adress of IAT. Can somebody explain to me what the "Relocate Table" the dll-unpack script getīs is for??? (Itīs definitely not the IAT adress...)

I have same problem. DLL can be unpacked but crashes after second load accessing wrong memory. (This could be a relocation problem because in first load the memory is defined but the main code is starting at another adress!)

thx