Help with find Stolen Bytes - ASProtect 1.23 RC4 - 1.3.08.24
Classical unpack - Olly Plugin - find last exception - BP on .code sekcion - CTRL+F11..............
ALT+K - and put here - this is OK and normal
Code:
005FD993 0000 ADD BYTE PTR DS:[EAX], AL -----------------------
005FD995 0000 ADD BYTE PTR DS:[EAX], AL
005FD997 0000 ADD BYTE PTR DS:[EAX], AL
005FD999 0000 ADD BYTE PTR DS:[EAX], AL
005FD99B 0000 ADD BYTE PTR DS:[EAX], AL
005FD99D 0000 ADD BYTE PTR DS:[EAX], AL-----------------------
005FD99F E8 B8A2E0FF CALL xxxxxDig.00407C5C
005FD9A4 A1 70A56000 MOV EAX, DWORD PTR DS:[60A570]
005FD9A9 8B00 MOV EAX, DWORD PTR DS:[EAX] ; xxxxxDig.00505A4D
005FD9AB E8 E499E5FF CALL xxxxxDig.00457394
005FD9B0 A1 70A56000 MOV EAX, DWORD PTR DS:[60A570]
005FD9B5 8B00 MOV EAX, DWORD PTR DS:[EAX] ; xxxxxDig.00505A4D
005FD9B7 BA 04DA5F00 MOV EDX, xxxxxDig.005FDA04 ; ASCII "xxxxx Digger"
005FD9BC E8 D795E5FF CALL xxxxxDig.00456F98
Yes now find the stolen bytes - Run Trace and find ESP=EBP - 12FFC0 - and this is my problem -
Code:
0101D8FE Main JMP SHORT 0101D903
0101D903 Main PUSH EBP ; ESP=0012FFBC
0101D904 Main SUB WORD PTR DS:[101D90E], 0F13C
0101D90D Main JMP SHORT 0101D911
0101D911 Main POP DWORD PTR SS:[ESP] ; ESP=0012FFC0
0101D915 Main MOV EBP, ESP ; EBP=0012FFC0
0101D917 Main SUB ESP, 0C ; ESP=0012FFB4
0101D91D Main SUB WORD PTR DS:[101D927], 7B43 ; FL=CS
0101D926 Main JMP SHORT 0101D92A
0101D92A Main JMP SHORT 0101D92E
0101D92E Main SUB WORD PTR DS:[101D937], 3068
0101D937 Main JMP SHORT 0101D93C
0101D93C Main LEA ESP, DWORD PTR SS:[ESP-2D] ; ESP=0012FF87
0101D940 Main PREFIX REPNE:
Target in Delphi
I don't know exactly which it are - statement is some fake
- advise st. to nobody which it are - line on target send to PM - thanks