This project arose as a result of my work on the analysis of x86-targeted anti-piracy software: ASProtect v1.6/1.7. At that time ASProtect seemed to be a quite decent piece of software, which (among other means) extensively used various VM emulation techniques to guard important parts of the protected target, such as crucial parts of code, the Original Entry Point (OEP) location, import calls, etc.
asprext is a WinDbg extension consisting of a set of tools which I wrote for the purpose of my analysis, allowing effective reverse engineering of this software.
NOTE: Since I have no more time (nor interest) to work further on this, I have abandoned the project. If someone is interested in this topic and wants to continue the work, feel free to contact me.
Some notes on the directory structure:

- `.\analysis` contains my annotated disassembly notes and other files helpful during the analysis.
- `.\script` contains a set of WinDbg unpacking scripts. The main script is `.\script\main`, launched by:

  `0:000> $$>a< main mod_base`

  where `mod_base` specifies the base address of the loaded ASPR-protected module, i.e. the module to be unpacked. NOTE: the scripts extensively use two of my other WinDbg extensions, `dumpext` and `scriptext`, and therefore may also serve as an illustration of the usage of those extensions:
  https://github.com/pstolarz/dumpext
  https://github.com/pstolarz/scriptext
- `.\test` contains some x86 apps, ASPR protected (at various levels of protection), and unpacked versions of them. Used for testing the extension.
- The rest constitutes the project sources. For x86 disassembly, BSD-licensed NASM code has been used (slightly patched):
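As an added illustration (not one of the project's own scripts), the following WinDbg session shows the mechanics behind such a `$$>a<` invocation: `lm m` lists the loaded module together with its base address, the script is launched with that address as its first argument, and inside the script file the value is expanded as `${$arg1}`. The module name `target`, its base address and the three-line script body are hypothetical and stand in for the real `main`.

```windbg
$$ In the debugger: locate the base of the loaded ASPR-protected module
0:000> lm m target
start    end        module name
00400000 004c3000   target     (no symbols)

$$ Launch the unpacking script (current directory is .\script) with that base
0:000> $$>a< main 00400000

$$ Inside the script file, the first argument is expanded as ${$arg1}; a
$$ minimal hypothetical "main" could start like this:
$$   r $t0 = ${$arg1}
$$   .printf "unpacking module at base %p\n", @$t0
$$   db @$t0 L40
```

The `$$>a<` form is what allows the script to be reused for different modules: no address is hard-coded, and any additional values (e.g. a second argument) would be available as `${$arg2}` and so on.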
THE PROJECT IS MEANT FOR EDUCATIONAL PURPOSES ONLY. THE AUTHOR TAKES NO RESPONSIBILITY OR LIABILITY FOR DAMAGE CAUSED BY USING THIS SOFTWARE FOR ANY OTHER PURPOSES.
GNU GENERAL PUBLIC LICENSE v2. See LICENSE file for details.