Alchemy Lab, 1999-2002 ver 3.6.12 "A unpacking history; no more Asprotect" 22/8-2002 1. Introduction 2. What the developer says 3. Tools 4. The beginning 1. This tut is gonna be clean and fast so have patient. What we´re gonna do is simply to kill asprotect from one selected target (in this case Alchemy Lab) 2. This is what the developer says about their product: "Alchemy Eye is a system management tool that continuously monitors server availability and performance. In the event of network errors, Alchemy Eye can alert the network administrator by cell phone or pager BEFORE problems get seriously out of hand." 3. Before we go any further make sure to have this at your hdd: The target ;P (www.alchemy-lab.com) Loader (?, try looking at http://protools.com) or mail the author (fs0@163.com) Import REConstructor v1.4.2 (http://protools.com) PEeditor 1.7 (or lower) (http://protools.com) 4. The target aint actually very hard but it can be difficult if you dont know how to use the tools. Step 1 is therefore to launch Loader and follow the instrucions (hard ey? =) When the Loader is done, it will generate a OEP so type it down and continue reading. Step 2 is a simple as nr. 1, so now launch PEeditor and change the entry point to the one you wrote down then click the "sections" button and right click on any section and choose the dumpfixer option (NOTE: you can if you feel like it also choose the "set the characteristics to E0000020"). Now when your done with step 2, you should launch ImpRec (NOTE: Make sure to have the original Alchemy Lab program running before starting ImpRec). When you´re in ImpRec, choose the target from the "Attach to an Active Process (in this case you should choose eye.exe). The next step is to enter the OEP you got from the Loader and then hit IAT Autosearch and the click Get Imports. Alright, you closing in, now you can see several Imported Functions but some of the aint resolved to what you will do is to right click a function and choose "Trace 1". You can mark several at a time so save you some time. When you followed these instructions you will see that there is some funtions left that are still unresolved. Just right-click on them and choose "Plugin Tracer (ASProtect 1.2X Emul) Done! The final thing now is to paste it in the unpacked exe by clicking "Fix Dump" and choose the unpacked exe that The Loader created. If you want you can open up the fixed exe with PEeditor and take a look at the sections. There has been another one added with the fixed imports =) If you click "Directory" and then "Imports" you can see the whole import tree. Since there is no SI tricks in this Asprotect there is no need to debug the unpacked exe, just fire it up in Wdasm or SI whether you like and finalize the goal, mine is done. Boba Fett Lockless Cracking questions? bobafett@lockless.com (if it still works ;P or join us at EfNet #lockless Big thanks to R!SC, mAGIC mIKE, Prof.X, Incredible Fighter of eVC Dany B. - Maritz - Xodo - Wolf3D - Gon - Pedro - Farmer - WildRich - BoooM thE ThP crew especially DeadEyE, PhatAzz, dA bYTE fROG Slut - KniX - Ishbu - Anthrax69 TeChNiCh of Digital Factory Wahns of eMINENCE Mega - Navigator - Stan - Kayaman - Felix - all the others i forgot! Special fucks to anyone who stole our work, you know who you are... <LI><P CLASS="western" ALIGN=LEFT><FONT SIZE=3><B>Hiew