|
|
#11
02-16-2004, 03:38
|
|||
|
|||
|
Wurstgote,
I think I was able to replicate what you're getting. I believe the problem is the dump you are using came after ASPR processed its 'dips'. ASPR processes 'dips' before reaching the OEP that modify addresses to point to ASPR at 620484, 62048C, 620494, 620498, and 62049C. data BEFORE ASPR dips 00620480: 00 00 00 00-00 00 00 00-00 00 00 00-00 00 00 00 00620490: 00 8D 40 00-F4 85 57 00-20 86 57 00-20 86 57 00 006204A0: 00 00 00 00-FE FF FF FF-FE FF FF FF-00 00 00 00 006204B0: FE FF FF FF-FE FF FF FF-00 8D 40 00-00 00 8B C0 data AFTER ASPR dips 00620480: 00 00 00 00-61 38 60 01-00 00 00 00-FC 1E 63 01 00620490: 00 8D 40 00-08 1C 61 01-A4 1B 61 01-D8 1B 61 01 006204A0: FE FF FF FF-1E 00 00 00-1E 00 00 00-FE FF FF FF 006204B0: 00 00 00 00-00 00 00 00-00 8D 40 00-00 00 8B C0 data that WORKS 00620480: 00 00 00 00-F0 3F 61 00-00 00 00 00-00 00 00 00 00620490: 00 8D 40 00-F4 85 57 00-20 86 57 00-20 86 57 00 006204A0: FE FF FF FF-1E 00 00 00-1E 00 00 00-FE FF FF FF 006204B0: 00 00 00 00-00 00 00 00-00 8D 40 00-00 00 8B C0 MUST put something here for pointer in data that WORKS 00613FF0: 45 76 65 72-79 6F 6E 65-00 00 00 00-00 00 00 00 You still need to apply C3 at 57890C. JackD Last edited by JackD; 02-16-2004 at 03:42. 
|
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| one newbie question | SubzEro | General Discussion | 7 | 03-12-2015 06:05 |
| ASPR, ARMA question | sgdt | General Discussion | 3 | 04-09-2006 03:38 |
| ASPR 1.2 question | gabri3l | General Discussion | 42 | 05-01-2004 15:09 |
| a newbie question about CRC32 | abccc | General Discussion | 13 | 04-23-2004 03:13 |
| "newbie" question for crackers ;) | newbie007 | General Discussion | 4 | 10-07-2003 04:46 |
Threaded Mode