Hi i am new to cracking stuff (this is my first time)
I am attempting to unpack -- Ultimate Unwrap 3D SE (x86) Version: 2.50.44
but after running a script it said "There are stolen code, cheak IAT data log window."
what do i do after to continue the unpack?
the program uses ASProtect SKE v2.72 or higher

https://streamable.com/0r1v

| Сообщение посчитали полезным:

Read at least some theory.
Study tutorials
here: http://rka.rabota-ka.ru/novosti/issledovaniezasitygetdataback
and here: https://exelab.ru/f/action=vthread&forum=13&topic=11596

-----
Give me a HANDLE and I will move the Earth.

| Сообщение посчитали полезным: Xxmagic101

Xxmagic101 writes:
but after running a script it said "There are stolen code, cheak IAT data log window."
what do i do after to continue the unpack?
Script finished his work.Stolen code already add as last section of dump with 'de_' prefix.Just read IAT info inside ollydbg log and fix this dump with any import reconstructor.

-----
TEST YOUR MIGHT

| Сообщение посчитали полезным: Xxmagic101

unknownproject writes:
Script finished his work.Stolen code already add as last section of dump with 'de_' prefix.Just read IAT info inside ollydbg log and fix this dump with any import reconstructor.

Ok i got the dump and did what you said i have de_unwrap3d_.exe
when i run it it gives an c++ runtime error and stops working




| Сообщение посчитали полезным:

Xxmagic101
Runtime hasn't been initialized. You must fix sections flags. This info exists in this forum

-----
Research For Food

| Сообщение посчитали полезным:

Xxmagic101 writes:
Ok i got the dump and did what you said i have de_unwrap3d_.exe
when i run it it gives an c++ runtime error and stops working
Well.Load ollydbg again.Run unpacked prog inside, close reminder nag.Olly alerts you about exception.
Scrolldown stack until this:

This is a source of problem:

You have two ways:
1.Set 0 value at 6A0298
2.Patch je to unconditional jmp at 0046EF28;

And don't forget about another problem: every script or program developed to deal with asprotect supports only NT kernel <=6.1 [2000 - XP - 2k3 - Vista & 7 x86].This is very important.

-----
TEST YOUR MIGHT

| Сообщение посчитали полезным: Xxmagic101

unknownproject writes:
You have two ways:
1.Set 0 value at 6A0298
2.Patch je to unconditional jmp at 0046EF28;

i did the jump patch it kinda works
any reason why this happens? ---- > https://streamable.com/5i2q

| Сообщение посчитали полезным:

As i can see you have windows 10.She's not supported [officially] by ollydbg, script plugin and any other software like Stripper or DeComAs - autounpackers for AsProtect v2.x cuz they are released before the latest microsoft os.So if you want the best solution for unpacking - try to install virtual windows xp through vmvare or virtual box and try again.

https://exelab.ru/f/action=vthread&forum=13&topic=18361 - DeComAs thread.
https://www.sendspace.com/file/8us35q] - my unpacked file with patch.Tested under win 10, win 7 and XP.

-----
TEST YOUR MIGHT

| Сообщение посчитали полезным: Xxmagic101

unknownproject writes:
As i can see you have windows 10.She's not supported [officially] by ollydbg, script plugin and any other software like Stripper or DeComAs

ah ok thanks for clarifying
i re patched the exe in windows xp it's working fine now!

unknownproject gets a cookie!

Added later 2 hours 2 minutes
anything should i look out for when cracking?

| Сообщение посчитали полезным: