Requested.
That simple, the first thing to do is to unpack the 'ASPack v2'.
when done load the sample on olly and run it, you got this message
Make a pause execution (F12) and Alt+F9 (execute till user code)
Then return to the messagebox and press 'Yes' you will break.
Return to olly scroll up the code until you see 'PUSH EBP'
Make a breakpoint and reload the binary inside olly (Ctrl+F2)
You will break on push ebp, modify the instruction by 'ret' or 'retn'
Then: Right Click>Follow
You will see a CALL 0x4XXXXX (who call your code with the 'expired check')
Replace the CALL 0x4XXX by NOPs and undo the modification on the push ebp
Then register your modification and StreamTorrent will run now ;)
No comments:
Post a Comment