.I'm trying to unpack the advanced registry tracer (http://www.elcomsoft.com/art.html). I've successfully unpacked it and reconstructed the iat, but the problem now is that it checks for presence of the unpacker (in this case asprotect 2.1x as reported by PEiD) pretty much randomly throughout the initialization code by trying to access dynamicly allocated memory, which of course does not exist in the unpacked executable. Any ideas on how to bypass it? Is there maybe a way to ignore any mov's and calls involving invalid addresses? Some plugin for olly maybe?
Here is the original and dumped version of the file:
[...link removed as a precaution...]
I allso tried to use lates asprotect unpacker script for olly written by Volx, but it tells me that it cannot recognise version of asprotect used in this file. The script can be found here: http://www.unpack.cn/viewthread.php?tid=9487&extra=page%3D1
![[+] expand](/imagery/files/soysauce_blueprint.gif){kind=link}