Exetools  

Go Back   Exetools > General > General Discussion
Reload this Page New Asprotect?
Register Forum Rules FAQ Calendar

Notices

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #15  
Old 05-20-2004, 10:26
Darren Darren is offline
Friend
  
Join Date: May 2003
Posts: 28
Rept. Given: 3
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 16
Thanks Rcvd at 5 Times in 4 Posts
Darren Reputation: 0
this is the internal import table i mean, aspr steps through this and decodes as it goes, patching the calls and jumps to the envolope. on my machine the address of the code that does this is 0xc1550a. its possible to hijack this code with a little ollyscript and avoid it pointing calls to envolope code but to the real api addresses in memory, also i suspect with a few tweaks to the script it should be possible to make the script create an IAT and all the patched jumps/calls will be pointing to this new IAT, then its a case of sniffing out any emulated api and fixing them up manually

- Darren
Attached Files
File Type: txt asprIT.txt (1.7 KB, 68 views)
Reply With Quote
 

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Help with ASProtect 1.23 RC4 Perdition General Discussion 7 06-09-2004 01:48
New Asprotect?? loman General Discussion 7 02-04-2004 20:34


All times are GMT +8. The time now is 06:25.

Aaron's homepage - Top

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( Since 1998 )