Exetools  

  #7  
02-04-2004, 15:46
hobgoblin
About IAT

Hi,
I haven't had the time to look any further at this. But try this: set a breakpoint at the API GetProcAddress (after loading the file into Olly). After hitting F9 a couple of times (maybe 3, I don't remember), you will be right in the middle of where the program writes the IAT. As you will see, the program stores the IAT in high memory. For me it was in the range 00B6000 to B6C0C8. The problem was that ImpREC wasn't able to read it at this address. I didn't investigate it further.
Check it out and tell us what you find. :-) Also, go into the program itself after it's been unpacked, and check out how the program calls the APIs. Seems kind of different than ordinary programs. I think britedream is right. There seems to be an encrypter of some kind that's used first, then the program is packed.

hobgoblin
All times are GMT +8.