|
@Benten I did some quick steps (7.0.6 32 bit):
1. You need a registered version (there are secure sections that determine which features you have, for example at 0x404D63)
- You can obtain this by buying the program and unpacking the registered version
- OR by brute forcing the symkeys and replacing the ECDSA parameters and unpacking that registered version (make sure not to click the update button)
2. Get to the entry point (standard protection, so quite easy), it is 0x4038C4
3. Fix the import elimination (redirect them with UIF to the section of size 0x10000 where the entry point originally is)
4. redirect the code splices (you can use another arma section near the end of the file)
5. dump+fix (make sure to check the 'use original thunk' option in Scylla or you'll get a crash)
6. now you will crash "Access violation at address 00536A4D in module 'ezcd_reg-dump_SCY.exe'. Read of address 00000000."
7. Hint to fix this and fully register: look into what ArmAccess.dll is.
|