Exetools  

Go Back   Exetools > General > General Discussion
Reload this Page How to find YP's OEP
Register Forum Rules FAQ Calendar Mark Forums Read

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 09-13-2005, 22:08
suddenLy suddenLy is offline
Friend
  
Join Date: Jan 2005
Posts: 62
Rept. Given: 2
Rept. Rcvd 3 Times in 3 Posts
Thanks Given: 3
Thanks Rcvd at 9 Times in 8 Posts
suddenLy Reputation: 3
To find OEP u'd better check the value of stack at BP on gettickcount, when debugger stop second time (with gettickcount BP).
Reply With Quote
  #2  
Old 09-15-2005, 17:33
wildmans
 
Posts: n/a
Suddenly, thanks for your answer.... I tried your solution but I cannot find the OEP using it.. Maybe you could describe your method in more detail ? You're sure it works for the latest yoda's protector ?
Reply With Quote
  #3  
Old 09-30-2005, 10:46
suddenLy suddenLy is offline
Friend
  
Join Date: Jan 2005
Posts: 62
Rept. Given: 2
Rept. Rcvd 3 Times in 3 Posts
Thanks Given: 3
Thanks Rcvd at 9 Times in 8 Posts
suddenLy Reputation: 3
OEP is stored to [esp+10] after return of second time of gettickcount.

The OEP is usually stored with "ror oep, 7"

so u can get real oep with "rol [esp+10], 7"

of course the value, 7 is dependent on u.

when u try some other number, u maybe find oep easily.

if u have a problem, feel free to know me that.

regards
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Hybrid Mode Hybrid Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Find out Encryption aldente General Discussion 9 01-07-2005 05:10


All times are GMT +8. The time now is 01:05.

Aaron's homepage - Top

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( Since 1998 )