Exetools  

Go Back   Exetools > General > General Discussion
Reload this Page Visual Protect
Register Forum Rules FAQ Calendar Mark Forums Read

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 09-17-2004, 14:31
ferrari
 
Posts: n/a
Quote:
Originally Posted by Android
Hi bukkake,
Instead I have 2 other invalids thunks which are

1-000836B8 (Has 65 invalid imports)
2-000830D0 (Has 25 invalid imports)
@Android,

You asked me on AR forums today how to fix the remainig unresolved pointers. it's easy to find the correct imports (Kernel32 and User32). When I finish my current pending work. I'll post steps on Ar forums on how to correct the invalid imports. I have attached my fixed IAT so that u can compare. Target runs clean.

Regards.
Attached Files
File Type: txt iat.txt (18.1 KB, 7 views)
Reply With Quote
  #2  
Old 09-17-2004, 14:58
ferrari
 
Posts: n/a
Another quick way to get OEP:

Press Shift F9 -> 16 times till you get the NAG diallog. Press Try button and Shift F9 till target runs. Now look in Stack window. Scroll down till you see:

0012F6B8 00B63BC4 ASCII "Finalizing 0x0047CAE0"

So OEP is 47CAE0. Ok restart the target in olly. Ctrl G and type 47CAE0. Right click and Breakpoint Hardware on execution. Now repeat Shift F9 till NAG dialog and after click on try button Shift F9 2 times and u at OEP.
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Hybrid Mode Hybrid Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


All times are GMT +8. The time now is 20:30.

Aaron's homepage - Top

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( Since 1998 )