|
Wurstgote,
I think I was able to replicate what you're getting. I believe the problem is the dump you are using came after ASPR processed its 'dips'.
ASPR processes 'dips' before reaching the OEP that modify addresses to point to ASPR at 620484, 62048C, 620494, 620498, and 62049C.
data BEFORE ASPR dips
00620480: 00 00 00 00-00 00 00 00-00 00 00 00-00 00 00 00
00620490: 00 8D 40 00-F4 85 57 00-20 86 57 00-20 86 57 00
006204A0: 00 00 00 00-FE FF FF FF-FE FF FF FF-00 00 00 00
006204B0: FE FF FF FF-FE FF FF FF-00 8D 40 00-00 00 8B C0
data AFTER ASPR dips
00620480: 00 00 00 00-61 38 60 01-00 00 00 00-FC 1E 63 01
00620490: 00 8D 40 00-08 1C 61 01-A4 1B 61 01-D8 1B 61 01
006204A0: FE FF FF FF-1E 00 00 00-1E 00 00 00-FE FF FF FF
006204B0: 00 00 00 00-00 00 00 00-00 8D 40 00-00 00 8B C0
data that WORKS
00620480: 00 00 00 00-F0 3F 61 00-00 00 00 00-00 00 00 00
00620490: 00 8D 40 00-F4 85 57 00-20 86 57 00-20 86 57 00
006204A0: FE FF FF FF-1E 00 00 00-1E 00 00 00-FE FF FF FF
006204B0: 00 00 00 00-00 00 00 00-00 8D 40 00-00 00 8B C0
MUST put something here for pointer in data that WORKS
00613FF0: 45 76 65 72-79 6F 6E 65-00 00 00 00-00 00 00 00
You still need to apply C3 at 57890C.
JackD
Last edited by JackD; 02-16-2004 at 03:42.
|