您的位置：首页 → 精文荟萃 → 破解文章 → 脱DLL文件的ASPROTECT的壳(英文)

脱DLL文件的ASPROTECT的壳(英文)

时间：2004/10/15 0:58:00来源：本站整理作者：蓝点我要评论(0)

　Web :http://kickme.to/mxbnet
Contact Me : dheeraj_xp@yahoo.com
{Main} | {Index}

Advanced PDF to HTML converter 1.4

Type : PDF to HTML Converter
Protection : Main dll file packed with ASProtect
Tech : Dumping and Fix IAT

Crack :

Here dll file "pdf2html.dll" is packd with ASProtect.We will have to unpack this dll file.
In SICE BPX GETSTARTUPINFOA and run the program.When we break in the dll file module ... look few lines up ... we can see ....

015F:10046F82 55 PUSH EBP -->> REAL EP
015F:10046F83 8BEC MOV EBP,ESP
015F:10046F85 6AFF PUSH FF
015F:10046F87 6838470510 PUSH 10054738
015F:10046F8C 68FC4F0410 PUSH 10044FFC
015F:10046F91 64A100000000 MOV EAX,FS:[00000000]
015F:10046F97 50 PUSH EAX
015F:10046F98 64892500000000 MOV FS:[00000000],ESP
015F:10046F9F 51 PUSH ECX
015F:10046FA0 51 PUSH ECX
015F:10046FA1 53 PUSH EBX

Dumping can be done even after API CALL GETSTARTUPINFOA ...
Dump it using JMP EIP trick ... correct EB FE using WinHex. Use PEditor and
make EP = 46F82

Now just look at the API CALL GETSTARTUPINFOA ... it will be like this :
10047031 CALL [10053070] ----> ASPROTECT TRICK
So IAT of this dll is some where here ...
Use WinHex RAM Editor and open the memory of this dll file.
Goto this address .... we can see a bunch of address ...which
starts from :

10053000 ---> 10053133 = 134

So run ImpRec and pick this dll and enter these values :
RVA = 53000
SIZE = 134
Now click "GetImports" ... we can see two thunks are invaild.
Now click "AutoTrace" ... and we get all APIs validated ...
Now fix dump .... now this dll file is totaly unpacked and will run.

Note : It is seen that while converting pdf to html sometimes the program crashes ... it is a program bug .... not our fault. You can verify it with unpacked dll file.After unpacking this main dll file ... you can torture it in whatever way you like ....hee..
Method 1:
Open unpacked dll file in WinHex.. We can see the nag string ....:
CREATED WITH UNREGISTERED VERSION .... just change this to ...
[HTML COMMENT] this will inhibit nag string ...

　　　　
　　　　
　　　　　
　　　　
　　　　
　　　　　

相关阅读 Windows错误代码大全 Windows错误代码查询激活windows有什么用Mac QQ和Windows QQ聊天记录怎么合并 Mac QQ和Windows QQ聊天记录Windows 10自动更新怎么关闭 如何关闭Windows 10自动更新windows 10 rs4快速预览版17017下载错误问题Win10秋季创意者更新16291更新了什么 win10 16291更新内容windows10秋季创意者更新时间 windows10秋季创意者更新内容kb3150513补丁更新了什么 Windows 10补丁kb3150513是什么

文章评论

查看所有0条评论>>

发表评论

我来说两句...

提交评论