yes, i realise that these are standard api's incorporated into aspr'd apps
the reason that your call isn't working is cuz it's pointing directly to an address that simply doesn't exist in win2k. perhaps your kernel32 (or all xp kernel32) is based at 77000000. where mine is based at 7C000000. this isn't a new concept and is the entire reason for the need of an import table and iat. cuz with each system or OS, the api simply do not reside in the same exact address. it seems that since you have the grasp of all these things, and i doubt i need to tell you this. but just in case you didn't know...
perhaps the fact that i copy/pasted from olly in haste that is shows the api names is confusing. but if you look what i really did was change the direct calls to indirect calls like so:
Quote:
00476FD6 PUSHAD
00476FD7 PUSH 00476FC8
00476FDC CALL DWORD PTR DS:[45C9EC]
00476FE2 MOV ESI,EAX
00476FE4 PUSH 1
00476FE6 PUSH EAX
00476FE7 CALL DWORD PTR DS:[45C9E4]
00476FED CALL EAX
00476FEF POPAD
00476FF0 PUSH DWORD PTR SS:[EBP+9D5]
00476FF6 PUSH 0045C03F
00476FFB RETN
|
anyway, just letting you know that this works this way and would work on any win platform and not just xp.
well... it was working, now i get a crc error (aspr virus error) coming from your hack file. strange cuz it was working. o well.
06-13-2004, 12:06
Similar Threads
Threaded Mode