View Full Version : How to unpack an ASProtected .dll?


*RemedY*
January 25th, 2005, 17:05
Hi there,

I'm pretty interested in unpacking stuff and managed to unpack some minor targets so far, but this time I'm faced with a .dll protected with:
ASProtect 1.2x - 1.3x [Registered] -> Alexey Solodovnikov
Strangely enough, the first section identifies itself as .aspack. Anyway, my question is more general. I would like to know where to start unpacking a protected .dll. I use Olly and I tried with the loaddll feature, but I got lost at once. I simply don't know what to do with this .dll. I've unpacked ASProtect targets before but nevertheless don't know what to do now. Is there any Tut on unpacking .dlls? Any help is greatly appreciated.
Thanks a lot in advance.

Best regards *RemedY*

WaxfordSqueers
January 26th, 2005, 17:57
Quote:
[Originally Posted by *RemedY*]Anyway, my question is more general. I would like to know where to start unpacking a protected .dll.


Your question is a little too general. There's a procedure here if you need help. Read the FAQ, then search the archives. You can even download them if you look at the bottom of this page.

What I did on my first protected 'exe' unpack, was to stop at the code entry point. It's the very first bytes the program executes before it initializes itself. You can get to it from the symbol loader in softice but don't know how in Olly. Then I started single-stepping and making scads of notes, listing the addresses of important instructions, loops, etc. After a while, you see a pattern and find ways to progress quickly.

With a dll I don't know because I've never seen a packed dll. If there is such an animal, I'm sure it's listed in the archives. If not, show you've done some work on it, and I'm sure someone will help you out.

The only way I can see doing a totally protected dll, is to watch for it being called from the running app. Then start tracing into it and watch how it is unpacked. You could first try disassembling it in IDA to see if that reveals anything.

*RemedY*
January 27th, 2005, 10:33
Hi,

Maybe you got me a little bit wrong. I did all the things like searching the forum before I posted my question, but unfortunately I found nothing. I know the general behaviour one has to show to get an answer, but there is nothing I'm able to do with this .dll. I'm able to unpack normal ASProtected .exe files, but, as I said, this is the first time I came across a packed .dll. This is what I did so far: I let Olly break on new .dlls and stepped into the target .dll, but after one single step [which is a mov eax,dword ptr ds:[xxxxxxxx]] it leaves the .dll, steps into another and never comes back. For me, there is no obvious reason why it leaves this .dll. If I were able to do more with this .dll, I would have written it here. I need some general information regarding the procedure of unpacking a .dll.
I hope someone is willing to help me nevertheless.
Thanks a lot in advance.

Best regards *RemedY*