Contribute  :  Web Resources  :  Past Polls  :  Site Statistics  :  Downloads  :  Forum  
    BiW ReversingThe challenge is yours    
 Welcome to BiW Reversing
 Saturday, October 21 2017 @ 07:06 AM CEST
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

ASProtect 1.23 RC4 - 1.3.08.24 (Manual Unpacking) - help?

 
Post new topic   Reply to topic    www.reversing.be Forum Index -> Unpacking
View previous topic :: View next topic  
Author Message
zack6924
New to the board
New to the board


Joined: 08 Jul 2005
Posts: 1

PostPosted: Sun Dec 12, 2010 1:09 pm    Post subject: ASProtect 1.23 RC4 - 1.3.08.24 (Manual Unpacking) - help? Reply with quote

Alright so I've tried this several times both on my windows 7 machine and on my XP Mode VM and I can't seem to ever get the OEP of this game client I'm attempting to unpack.

I've tried ever publicly available version of aspstripper,
and followed several unpacking tutorials...

One I've just now followed before creating this thread was here
Code:

http://www.reversing.be/article.php?story=20050329165716822


After getting to this point
Code:


00B45000   68 C3F44000      PUSH 40F4C3
00B45005   68 DB4DB400      PUSH 0B44DDB
00B4500A   C3               RETN   <--------- Until this RETN

Then execute that RETN:


00B44DDB   EB 01            JMP SHORT 00B44DDE
00B44DDD   9A 51579CFC BF1F CALL FAR 1FBF:FC9C5751
00B44DE4   4E               DEC ESI
00B44DE5   B4 00            MOV AH,0
00B44DE7   B9 5E140000      MOV ECX,145E
00B44DEC   F3:AA            REP STOS BYTE PTR ES:[EDI]
00B44DEE   9D               POPFD
00B44DEF   5F               POP EDI
00B44DF0   59               POP ECX
00B44DF1   C3               RETN   <-------------------- Put bp here!


The code seems to be different because that return does not end with the same result as what most other people have gotten...

Instead it ends in a another return which has no relation to the signature code I've seen in everyone's tutorial

Below is the 'signature' code I'm speaking of...
Code:

0040F4C3   FF15 30174100    CALL DWORD PTR DS:[411730]               ; msvcrt.__set_app_type
0040F4C9   59               POP ECX
0040F4CA   830D F4AE4100 FF OR DWORD PTR DS:[41AEF4],FFFFFFFF
0040F4D1   830D F8AE4100 FF OR DWORD PTR DS:[41AEF8],FFFFFFFF
0040F4D8   FF15 38174100    CALL DWORD PTR DS:[411738]               ; msvcrt.__p__fmode



I'm not quite sure if this is because the game client has nProtect's GameGuard software embedded within it or what the case is but if anyone can help with unpacking this I'd greatly appreciate it.

URL:
Code:

http://rapidshare.com/files/436357998/RH.rar


The file is 'rohanclient.exe' all required dlls, gameguard and etc are within that rar supplied and it's on my file share so it shouldn't require you to have a rapidshare account to download it without wait times or etc.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    www.reversing.be Forum Index -> Unpacking All times are GMT + 1 Hour
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
 Copyright © 2017 BiW Reversing
 All trademarks and copyrights on this page are owned by their respective owners.
Powered By Geeklog 
Created this page in 0.05 seconds