ASPack dll


Postby lipeng1922 » Thu Dec 26, 2013 5:52 pm

Hi everyone,
is someone able to unpack the attached DLL packed with ASPack 2.12?

Thanks
lipeng1922
n00b
 
Posts: 2
Joined: Thu Dec 26, 2013 5:48 pm

Re: ASPack dll

Postby Cool_Fire » Fri Dec 27, 2013 1:15 am

ASPack is just zip compression. In theory you should be able to dump the original binary with a debugger.
If we're breaking the rules, then how come you can't catch us? You can't find us? I know why. Cause, it's ... MAGIC!
Hackerthreads chat, where the party is going 24/7.
Cool_Fire
Not a sandwich
 
Posts: 1880
Joined: Fri May 09, 2003 1:20 pm
ICQ: 336613081
Website: https://www.insomnia247.nl/
Yahoo Messenger: cool_fire_666
AOL: EvilCoolFire
Location: 41 6d 73 74 65 72 64 61 6d

Re: ASPack dll

Postby lipeng1922 » Fri Dec 27, 2013 1:44 pm

Thanks,
I am a newbie, could you help me in any way (tutorial or just do it for me)? Many thanks.
The DLL is ApexSqlLog2013Activation.dll (you could download apexsql log)

Re: ASPack dll

Postby Cool_Fire » Fri Dec 27, 2013 2:44 pm

You'll have to dive into the specifics on what ASPack does exactly. (If it writes a file, you can just copy that at runtime, but odds are it will not.)
Most likely it'll unzip the original executable in the data segment (an executable data segment is a dead giveaway for this). Then all you have to do is attach your favorite debugger, break on the condition of EIP jumping to an address in your data segment and then just dump the data segment to disk. (The specifics of how to do each of these steps are in the documentation for your debugger of choice. I've done this whole thing with GDB before.)
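The "executable data segment" giveaway mentioned in the post above can be checked statically from the PE section table, which is how a triage tool flags a packed binary before anything is run. This is an added example, not part of the original thread; the header-only sample image, its section names and the helper `build_sample_image` are constructed for the demo.

```python
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000
WX = IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_WRITE

def writable_executable_sections(pe: bytes):
    """Return [(name, characteristics)] for sections mapped writable AND executable."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)  # offset of "PE\0\0"
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    if e_lfanew + 24 > len(pe):
        raise ValueError("truncated COFF header")
    (num_sections,) = struct.unpack_from("<H", pe, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", pe, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size  # section table follows the optional header
    hits = []
    for i in range(num_sections):
        off = table + 40 * i  # each section header is 40 bytes
        if off + 40 > len(pe):
            raise ValueError("truncated section table")
        name = pe[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        (chars,) = struct.unpack_from("<I", pe, off + 36)
        if chars & WX == WX:
            hits.append((name, chars))
    return hits

def build_sample_image(sections):
    """Constructed header-only PE image (hypothetical helper, not a real binary)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)  # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x2102)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", n, 0x1000, 0, 0, 0, 0, 0, 0, 0, c)
        for n, c in sections)
    return dos + b"PE\0\0" + coff + table

# Constructed sample: normal code and data sections plus one W+X section.
SAMPLE = build_sample_image([
    (b".text", 0x60000020),    # code | execute | read
    (b".data", 0xC0000040),    # initialized data | read | write
    (b".packed", 0xE0000020),  # code | execute | read | write
])

if __name__ == "__main__":
    for name, chars in writable_executable_sections(SAMPLE):
        print(f"W+X section {name!r} characteristics=0x{chars:08X}")
```

A writable and executable section is a heuristic, not proof of packing, so treat a hit as a reason to look closer rather than a verdict.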

Re: ASPack dll

Postby Cool_Fire » Fri Dec 27, 2013 2:48 pm

On the specific subject of finding out what it's doing, have a look at http://msdn.microsoft.com/en-us/library ... s.85).aspx
Looking at what system calls it makes should give you some clues as to how it operates. If it's writing some file and then executing it, for example, you're probably dealing with a situation where it unzips, writes to disk and then executes the original file.

Re: ASPack dll

Postby Fatal_Exception » Mon Jan 06, 2014 3:58 pm

You could also try to use
Process Explorer : http://technet.microsoft.com/en-us/s.../bb896653.aspx
Process Monitor : http://technet.microsoft.com/en-us/s.../bb896645.aspx

Here is a walkthrough on unpacking ASPack.dll

http://blog.3slabs.com/2012/09/unpackin ... namic.html
Did you know that there are over 2 million people addicted to warez? I'm #323,097!
Fatal_Exception
Strike 1
 
Posts: 138
Joined: Sat Dec 27, 2003 4:52 pm
Website: http://www.hackerslegion.com/
AOL: FatalXcption
Location: 127.0.0.1

