 
Possible Stolen bytes: ASProtect
********************************

1) M$ Visual C++ : 

55              PUSH EBP
8BEC            MOV EBP,ESP
6A FF           PUSH -1

68 xxxxxx00     PUSH target_name.00xxxxxx |Look in stack window for "Pointer to next SEH record"
68 xxxxxx00     PUSH target_name.00xxxxxx |Besides n below the SE Handler see 2 Pushed addresses

64:A1 00000000        MOV EAX,DWORD PTR FS:[0]
50                    PUSH EAX
64:8925 00000000      MOV DWORD PTR FS:[0],ESP
83EC 58               SUB ESP,58
53                    PUSH EBX
56                    PUSH ESI
57                    PUSH EDI
8965 E8               MOV DWORD PTR SS:[EBP-18],ESP




OR MFC application:   

55              PUSH EBP
8BEC            MOV EBP,ESP
6A FF           PUSH -1

68 xxxxxx00     PUSH target_name.00xxxxxx |Look in stack window for "Pointer to next SEH record"
68 xxxxxx00     PUSH target_name.00xxxxxx |Besides n below the SE Handler see 2 Pushed addresses

64:A1 00000000        MOV EAX,DWORD PTR FS:[0]
50                    PUSH EAX
64:8925 00000000      MOV DWORD PTR FS:[0],ESP
83EC 68               SUB ESP,68
53                    PUSH EBX
56                    PUSH ESI
57                    PUSH EDI
8965 E8               MOV DWORD PTR SS:[EBP-18],ESP
33DB                  XOR EBX,EBX
895D FC               MOV DWORD PTR SS:[EBP-4],EBX
6A 02                 PUSH 2



***********

2) Borland Delphi: 

8 Stolen Bytes
*****************
55           PUSH EBP
8BEC         MOV EBP,ESP
B9 0x000000  MOV ECX,x <--- Check value in ECX when u land at fake OEP

----
11 Stolen Bytes
*****************
55           PUSH EBP
8BEC         MOV EBP,ESP
83C4 F0      ADD ESP,-10
B8 xxxxxx00  MOV EAX,target_name.00xxxxxx  <- Execute POP EAX or MOV EAX,EBX with F7 when u land after tracing from last RETN and then check value in EAX and then continue F7 and land on Fake OEP

----
12 Stolen Bytes
*****************
55           PUSH EBP
8BEC         MOV EBP,ESP
83C4 F4      ADD ESP,-0C
53           PUSH EBX
B8 xxxxxx00  MOV EAX,target_name.00xxxxxx <- Execute POP EAX or MOV EAX,EBX with F7 when u land after tracing from last RETN and then check value in EAX and then continue F7 and land on Fake OEP

---
14 Stolen Bytes
*****************
55           PUSH EBP
8BEC         MOV EBP,ESP
83C4 F4      ADD ESP,-0C
53           PUSH EBX
56           PUSH ESI
57           PUSH EDI
B8 xxxxxx00  MOV EAX,target_name.00xxxxxx <- Execute POP EAX or MOV EAX,EBX with F7 when u land after tracing from last RETN and then check value in EAX and then continue F7 and land on Fake OEP

---
19 Stolen Bytes
*****************
55            PUSH EBP
8BEC          MOV EBP,ESP
33C9          XOR ECX,ECX
51            PUSH ECX
51            PUSH ECX
51            PUSH ECX
51            PUSH ECX
51            PUSH ECX
51            PUSH ECX
51            PUSH ECX
53            PUSH EBX
56            PUSH ESI
B8 xxxxxx00   MOV EAX,target_name.00xxxxxx <--Check EAX

*************