Exetools  

Go Back   Exetools > General > General Discussion
Reload this Page asprotect script
Register Forum Rules FAQ Calendar

Notices

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #15  
Old 01-08-2006, 14:38
britedream britedream is offline
Friend
  
Join Date: Jun 2002
Posts: 436
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 0
Thanks Rcvd at 7 Times in 7 Posts
britedream Reputation: 0
gmi has a problem with some asprotect target,you could do this :

mov pe1,eip
and pe1,ff0000
cmp pe1,400000
je go2
mov pe1,eip
and pe1,ffff0000

go2:
mov pe,pe1+[pe1+3c]

cmp pe1,[pe+34 ] // check to see if the imagebase you assumed is the right one.
je go
msg "wrong imagebase"
ret
go:

mov codes ,[pe+100]
mov codeb ,pe1+[pe+104]

but the target doesn't conform to main coding of the script, it isnot worth it to have a major change in the script for one odd target , if there are few of those , then I will update the script with their pattern. Thanks.
by the way, the imagebase of 400000 is the default where exe is usually loaded.we also can go to the extreme and for sure find the exact image base, but it will be long and isnot worth it. easy, if the imagebase is wrong ,just enter it manually.
Last edited by britedream; 01-08-2006 at 19:21.
Reply With Quote
 

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Thanks to hobgoblin, asprotect script is updated britedream General Discussion 5 05-11-2004 10:55


All times are GMT +8. The time now is 16:50.

Aaron's homepage - Top

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( Since 1998 )