The Target: http://www.runtime.org/gdbnt.zip
The Problem:
Another Runtime software protected by ASPack 2.11c (same as Captain Nemo). I had no problem inline patching Captain Nemo, but I'm unable to inline patch this Getdataback.
To crack the program:
Code:
004F8763 . /74 08 JE SHORT gdbnt1.004F876D
Change To
004F8763 /EB 23 JMP SHORT gdbnt1.004F8788
While manually unpacking, I found these signature bytes:
Code:
006353B6 /75 08 JNZ SHORT gdbnt.006353C0
006353B8 |B8 01000000 MOV EAX,1
006353BD |C2 0C00 RETN 0C
006353C0 \68 B06C5700 PUSH gdbnt.00576CB0
Now, for inline patching, when I go to "006353B6" I see this:
Code:
006353B6 DCA1 11A8A9A9 FSUB QWORD PTR DS:[ECX+A9A9A811]
006353BC A9 6BA5A9C1 TEST EAX,C1A9A56B
006353C1 A9 A9A9A96A TEST EAX,6AA9A9A9
006353C6 222C85 E3EDA924 AND CH,BYTE PTR DS:[EAX*4+24A9EDE3]
So I cannot see that JNZ to make it jump to my injected code. How do I do the patching now? Please help.
Regards,