Exetools  

Old 04-24-2004, 00:13
ferrari
 
Aspack 2.11c- Inline Problem

The Target: http://www.runtime.org/gdbnt.zip

The Problem:
Another Runtime software protected by ASPack 2.11c (same as Captain Nemo). I had no problem inline patching Captain Nemo, but I'm unable to inline patch this GetDataBack.
To crack the program:
Code:
004F8763   . /74 08         JE SHORT gdbnt1.004F876D

 Change To

004F8763     /EB 23         JMP SHORT gdbnt1.004F8788
While manually unpacking, I found these signature bytes:
Code:
006353B6   /75 08           JNZ SHORT gdbnt.006353C0
006353B8   |B8 01000000     MOV EAX,1
006353BD   |C2 0C00         RETN 0C
006353C0   \68 B06C5700     PUSH gdbnt.00576CB0
Now, for inline patching, when I go to "006353B6" I see this:

Code:
006353B6    DCA1 11A8A9A9   FSUB QWORD PTR DS:[ECX+A9A9A811]
006353BC    A9 6BA5A9C1     TEST EAX,C1A9A56B
006353C1    A9 A9A9A96A     TEST EAX,6AA9A9A9
006353C6    222C85 E3EDA924 AND CH,BYTE PTR DS:[EAX*4+24A9EDE3]
So I cannot see that JNZ to make it jump to my injected code. How do I do the patching now? Please help.

Regards,