Just read this thesis by a senior about Szproject; its features are much the same as ASPack's.
5 main features:
a. Code protection (by the aPLib compression library, which indirectly gives an encryption effect)
b. Import table hiding
c. Anti-debugger protection
d. Resource hiding
e. Extra protection
The anti-debugging techniques are as below:
a. Use the driver that is used by SoftICE. If the original driver is detected, a flag is toggled.
b. For Ring 3 debuggers, read the PEB (Process Environment Block) for a certain value.
c. Copy IsDebuggerPresent() in kernel32.dll to Szprotect. This may avoid the bypass
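
From the analyst's side, a copied IsDebuggerPresent() (item c) and a direct PEB read (item b) both leave a recognisable instruction sequence in the protected image. The scanner below is an added example, not code from the thesis or from Szprotect; it assumes 32-bit x86 code and the classic kernel32 encoding of the routine, and the sample buffer is constructed.

```python
import re

# 32-bit x86 encodings (assumption; 64-bit code uses gs: and other offsets).
# Route 1, the body of the classic kernel32 IsDebuggerPresent():
#   mov eax, fs:[0x18] ; mov eax, [eax+0x30] ; movzx eax, byte [eax+2]
VIA_TEB = re.compile(rb"\x64\xA1\x18\x00\x00\x00\x8B\x40\x30\x0F\xB6\x40\x02")

# Route 2, PEB taken directly: mov eax, fs:[0x30], then within 8 bytes
#   movzx r32, byte [eax+2]   or   cmp byte [eax+2], imm8
VIA_PEB = re.compile(
    rb"\x64\xA1\x30\x00\x00\x00.{0,8}?"
    rb"(?:\x0F\xB6[\x40\x48\x50\x58\x60\x68\x70\x78]\x02|\x80\x78\x02)",
    re.DOTALL,
)


def find_peb_debug_checks(image: bytes):
    """Return sorted (offset, route) pairs for inlined BeingDebugged reads."""
    hits = [(m.start(), "via-TEB") for m in VIA_TEB.finditer(image)]
    hits += [(m.start(), "via-PEB") for m in VIA_PEB.finditer(image)]
    return sorted(hits)


# Constructed sample: padding, a copied IsDebuggerPresent body, then a
# direct PEB read followed by "test eax, eax".
SAMPLE = (
    b"\x90" * 16
    + bytes.fromhex("64A1180000008B40300FB64002C3")
    + b"\xCC" * 4
    + bytes.fromhex("64A1300000000FB6400285C0")
)

if __name__ == "__main__":
    for offset, route in find_peb_debug_checks(SAMPLE):
        print(f"0x{offset:04x}  PEB.BeingDebugged read ({route})")
```

A hit inside the application's own sections rather than in kernel32.dll shows where the check lives, so a breakpoint or hook on the exported IsDebuggerPresent() alone will not observe it.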
I am going to spend my holiday on these:
1. "Reversing: Secrets of Reverse Engineering", Eldad Eilam (2005)
2. "The Shellcoder's Handbook: Discovering and Exploiting Security", Jack Koziol (2004)
3. "EXE Tools forum" http://forum.exetools.com
4. "Reversing Labs" http://ap0x.jezgra.net
5. "pediy" http://bbs.pediy.com