I'm trying to unpack the advanced registry tracer (http://www.elcomsoft.com/art.html). I've successfully unpacked it and reconstructed the iat, but the problem now is that it checks for presence of the unpacker (in this case asprotect 2.1x as reported by PEiD) pretty much randomly throughout the initialization code by trying to access dynamicly allocated memory (in this case located at 18xxxxx), which of course does not exist in the unpacked executable. Any ideas on how to bypass it? Is there maybe a way to ignore any mov's and calls involving invalid addresses? Some plugin for olly maybe?

I allso tried to use lates asprotect unpacker script for olly written by Volx, but it tells me that it cannot recognise version of asprotect used in this file. The script can be found here: www.unpack.cn/viewthread.php?tid=9487&extra=page%3D1

Here is a link to both the original trial and my unpacked version:
rapidshare.com/files/14301470/art.rar

I hope it's ok to post such links here.

I don't mind if you write in russian.. I just don't have a russian keyboard so I write in english...

| Сообщение посчитали полезным:

Sorry, I'm nub in unpack as well, as in english , please, test this unpacked and patched programm http://dump.ru/files/0/0169880996/ , pass I send to you in PM.
Hope all OK ;)

-----
Само плывет в pуки только то, что не тонет.

| Сообщение посчитали полезным:

Well im more interested in how you did it, rather than the final result Thnx though, at least now I have something to compare my results with..

| Сообщение посчитали полезным:

Ahhhh!! Ja nashol problemu! U menja Import size byl slishkom malenkij v ImpREC

| Сообщение посчитали полезным: