I have been trying to unpack the run file of this program with no success. The ASProtect algorithm has a double layer protection. The first is a 7-day trial limitation and nag message that appears in the first installation. After the 7-day period expiration, if the user uninstalls and reinstalls the program, it will not load. Instead it will give a nag message asking to visit the site to purchase.

I could unpack the run file with Stripper v. 2.13b9, during the 7-day period. However, after the 7-day period, the trial counter protection is active and Stripper cannot handle this limitation. It issues an error message like: "error in reaching last SEH.". I have also tried to clear the ASProtect keys with Trial Reset 3.4 final, but it cannot do it either.

How could I find and clear such keys of the ASProtect trial counter so as to have the run file unpacked by Stripper? Are there any better unpacking technique or software other than Stripper? How to overcome this second layer limitation?

Best regards.

| Сообщение посчитали полезным:

By the way, PEiD tells that it's ASProtect 2.1x SKE.

| Сообщение посчитали полезным:

Eheyeh

For reset Trial period ASprotect try TrialReset v3.3 program!
_http://www.exelab.ru/download.php?action=get&n=NzA1

for unpack/crack your program post your question to Crack requests top..

| Сообщение посчитали полезным:

Registry Trash Keys Finder



-----
EnJoy!

| Сообщение посчитали полезным:

You can also use ASClean.exe by PE_Kill

| Сообщение посчитали полезным:

SYNAPSiS writes:
ASClean.exe by PE_Kill
too old tool

| Сообщение посчитали полезным:

None of the registry cleaners work. And the funny thing is that after running the file they do find some keys. This ASProtect thing is indeed a good protection.

| Сообщение посчитали полезным:

[DR] writes:
for unpack/crack your program post your question to Crack requests top..

Is it necessary to pay for it? I am mostly interested in learning how to unpack it myself. However, if Stripper cannot handle it, I guess I would have to do it manually and that requires some work. Anyway, I have got a bunch of good tutorials (including Lena's series). Any reference?

| Сообщение посчитали полезным:

this app may use own trial counter

-----
EnJoy!

| Сообщение посчитали полезным:

Eheyeh writes:
Is it necessary to pay for it?
You can use "freeware" e-mail service asprunpacker1@mail.ru - post your protected app to this e-mail (with attached archive).

| Сообщение посчитали полезным:

Jupiter writes:
this app may use own trial counter

Maybe. I am not sure though. I have got an unpacked file as well and I could not find any referenced string to the trial counter nag message in OllyDBG, even though there is a third protection in the unpacked file. I think the trial counter protection has something to do with ASProtect. Stripper can handle only the first 7-day trial protection mechanism.

| Сообщение посчитали полезным:

progopis writes:
You can use "freeware" e-mail service asprunpacker1@mail.ru - post your protected app to this e-mail (with attached archive).

May I attach only the executable file, or is it necessary to attach .dll files or the whole installation directory or even the trial installer?

| Сообщение посчитали полезным:

I have uploaded the protected/packed executable to: sharebee.com/2ddb004d

If someone has got an automatic unpacker that can deal with it, please let me know. With kindest regards and Peace.

| Сообщение посчитали полезным:

Eheyeh I've just tested the trial protection schema of the above program. Well, absolutely nothing special was found by me. It always creates a few registry marks (rather 3) and those marks can be easily removed by using TrashReg utility (sorry, not tested with others that were mentioned above). What's your problem with this trial prolongation?

| Сообщение посчитали полезным:

Alexas

Change your computer date forward into the future so that you get the second nag message: "Thank you for using ***. Please visit our website to purchase: ....". Stripper cannot unpack it because of this second break. I could not find or clear the registry keys which indicate the program that the trial period is over.

On the other hand I have been looking for a tutorial on how to unpack or manually patch the program without unpacking it. Is it possible? ARTeam have some tutorials on it: http://www.accessroot.com/arteam/site/search.php?q=ASProtect&r=0&s=Search

| Сообщение посчитали полезным:

Eheyeh, it seems you never saw ASProtect UI, because it includes "Expiration Date" option. When this option is activated, the protected software will stop working after the date you set here. And, yes, this feature doesn't use any Registry marks.

| Сообщение посчитали полезным:

Alright. So I guess the only way to go through it is by manually patching the file. Do you know how I could go through this? I have donwloaded some tutorials like this but I am not sure which is the right path to go. I feel like learning but it also looks like a great challenge.

| Сообщение посчитали полезным:

alexas writes:
it seems you never saw ASProtect UI, because it includes "Expiration Date" option. When this option is activated, the protected software will stop working after the date you set here.

Thanks. I have a downloaded a copy from this address to better study the UI.

| Сообщение посчитали полезным:

You can try this tool, it can help to find out what CLSID's asprotect using to hide trial info.
P.S.: don't forget about HKCU/Software/asprotect

32a0_18.07.2009_CRACKLAB.rU.tgz - asprscanner.exe

| Сообщение посчитали полезным:

Eheyeh chartdir41.dll not found, can not launch

-----
RE In Progress [!] Coding Hazard [!] Stay Clear of this Cube

| Сообщение посчитали полезным:

mak just tested it on clean win2kprof, all works. And there is no chart*.* in my win2kprof with Eheyeh's asprotect installed.

| Сообщение посчитали полезным:

mak writes:
chartdir41.dll not found, can not launch

You have to use the trial installer first. Download link here. As it will be your first installation, I guess it will just give the 7-day trial nag message. Stripper can handle this break and unpack it. However, after the 7-day, period, you'll get the program expiration message (probably a trial counter) and this break Stripper cannot go through.

| Сообщение посчитали полезным:

Nowar writes:
You can try this tool, it can help to find out what CLSID's asprotect using to hide trial info.
P.S.: don't forget about HKCU/Software/asprotect

Thanks. It could not find it either. With regard to other common records, Trial Reset does the job.

| Сообщение посчитали полезным:

Eheyeh, it looks only for CLSID's. If there is no hidden CLSID it can find nothing. I'm using it to reset trial from sunrav products (http://www.sunrav.ru/download/category/1-software.html?download=10%3A srtop)

| Сообщение посчитали полезным:

After the 7-day period is over, I think that the only to unpack it is by doing so manually. Perhaps this tutorial might help. And, by the way, this is professional's work.

| Сообщение посчитали полезным:

Nowar writes:
Eheyeh, it looks only for CLSID's. If there is no hidden CLSID it can find nothing.

Nowar, if you install the software on a clean machine and you get the 7-day trial nag message, then it means there is(are) some hidden key(s) which the scanners were not able to find. In the attached picture you can see the keys found by Trial Reset.


1733_24.07.2009_CRACKLAB.rU.tgz - TrialReset3.4.jpg

| Сообщение посчитали полезным: