/*

tested on asprotect 1.23 RC4 only - arz



*/



var j

var k



eoe main



main:

/* 

check for signature bytes

*/

mov j,eip

add j,47

mov k,[j]

mov j,[k]

cmp j,746F7250 

je reset





/*

last exception? 

*/

mov j,esp //based on britedreams lastex

add j,1C

mov k,[j]

cmp k,400000

je exit

cmp k,1000000 //did some testing on notepad :P

je exit

jmp continue





reset:

/* 

zero the debugger check flags for no debugger checks 

*/

mov j,eip

add j,41

mov k,[j] // get ptr to debug check array

sub k,4 // k Ptr do IsDebuggerPresent check flag

mov [k],0 // kill it (api won\'t be called)

add k,8 // k Ptr do anti-debug checks flag 

mov [k],0 // kill the internal FS[?],TRW and system debugger checks

jmp continue





continue:

esto

jmp main



exit:

ret



