Exetools  

Go Back   Exetools > General > General Discussion
Reload this Page svkp dumping problem
Register Forum Rules FAQ Calendar Mark Forums Read

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 12-02-2003, 19:03
sope2001
 
Posts: n/a
Hello britedream

Have few questions if you don't mind.

(1) if you can clarify how did you find the missing api
E1170 / E117C / E1180 / E118C / E1198 / E1224 / E124C

I was able to find E117C i.e. LoadLibraryA but rest was not able to identify. I need to understand how you got the True api.

(2)

>at address :48bc63 = push 48bd65 ,retn
Do you mean we have to assemble the bytes or we have to reach uptil 0x7CFAF9 where we see Push 48BD65 & a Ret.

(3)

>copy section 00C00000 from orignal file to the unpacked
I don't see any section below is section i can see. Which part you are mentioning.

Code:
Number  Name   VirtSize   RVA    PhysSize  Offset    Flag
    1          000E0000 00001000 00071000 00000400 C0000040
    2          0003A000 000E1000 0003A000 00071400 C0000040
    3          00019000 0011B000 00008000 000AB400 C0000040
    4          0004E000 00134000 0004E000 000B3400 C0000040
    5 .svkp    00010000 00182000 00010000 00101400 C0000040
(4) Stolen Bytes
How did you find the stolen bytes from which part of the code you understood & put back in the required offset.

Regards, Sope.
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Hybrid Mode Hybrid Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
svkp infern0 General Discussion 3 06-05-2011 18:34
SVKP 1.3x unpacking codeX General Discussion 10 01-28-2005 22:03
The new svkp 143 britedream General Discussion 3 09-19-2004 22:22


All times are GMT +8. The time now is 01:57.

Aaron's homepage - Top

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( Since 1998 )