|
|
|
|
#1
02-02-2004, 00:58
|
|||
|
|||
|
to darwin:
you are using the wrong script for this program "asprsto", this is for finding the solen bytes , but on most programs , for this one it willn't work, we have work around this , I will explain briefly , but before that you have two options: option one: hide debugger run" lastex" script this will stop on the last exception , set bp(F2) on the first retn you see, shit+F9 will stop on the bp. option two: hide debugger: run "asprbp" script i t will stop on bp as above now , view memory and set memory breakboint on access, on code section. set trace condition:esp==12ffa4(for clarification search the forum for what I posted about this one) control+F11 will encounter a loop, F12 to stop olly bp (F2) under jnz , F9, then control+F11 once stopped, look below you will see your stoln bytes : push ebp mov ebp,esp add esp,-0c push ebx mov eax, 65526c shift+f9 will stop below your oep copy your stolen above where you have stopped, set origin here on the push ebp, then dump. fix your iat. it should run. here is asprobp=lastex updated. Last edited by britedream; 02-02-2004 at 18:03. 
|
 |
| Thread Tools | |
| Display Modes | |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Plugin+ Configuration for olly 2.01 | Conquest | General Discussion | 4 | 03-25-2013 00:04 |
Hybrid Mode
