|
|
|
|
#1
06-28-2007, 22:56
|
||||
|
||||
|
Code:
004A0761 E8 A3E40000 call 004AEC09 ; This is the OEP! Found By: fly 004A0766 E9 16FEFFFF jmp 004A0581
__________________
UpK һ�����ꡭ����ƽ��! http://www.unpack.cn 
|
|
#2
07-15-2007, 06:20
|
||||
|
||||
Try to use "Armadillo OpenMutexA"
If u use "Armadillo OpenMutexA" script , and u pass all Exceptions and after 2
CreateThread then go to RET and u will find this Call  00D6036D FFD1 CALL ECX which go u to The OEP this Is : 004118D6 . 6A 60 PUSH 60 This is the OEP 004118D8 . 68 A8>PUSH 004326A8 004118DD . E8 56>CALL 00412238 004118E2 . BF 94>MOV EDI,94 004118E7 . 8BC7 MOV EAX,EDI 004118E9 . E8 32>CALL 00410720 004118EE . 8965 >MOV DWORD PTR SS:[EBP-18],ESP 004118F1 . 8BF4 MOV ESI,ESP 004118F3 . 893E MOV DWORD PTR DS:[ESI],EDI 004118F5 . 56 PUSH ESI ; /pVersionInformation 004118F6 . FF15 >CALL DWORD PTR DS:[42E298] ; \GetVersionExA use ArmInline then Dump the file ,and u wil find it by PEiD is Microsoft Visual C++ 7.0 [Debug] that all i have.................................
|
 |
| Thread Tools | |
| Display Modes | |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| A 96KB Game!! | ferrari | General Discussion | 9 | 06-02-2004 07:31 |
![fly [CUG]'s Avatar](image.php?u=14940&dateline=1102687166)
![fly [CUG] is offline](images/statusicon/user_offline.gif)
![fly [CUG] Reputation: 3](images/reputation/reputation_pos.gif)
Hybrid Mode
