Thread: System Cleaner 4.9.3.174
View Single Post
  #4  
Old 03-17-2004, 04:59
hobgoblin hobgoblin is offline
Friend
  
Join Date: Jan 2002
Posts: 124
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 2
Thanks Rcvd at 5 Times in 5 Posts
hobgoblin Reputation: 0
Hi there
I found a little more stolen bytes than you did. Here there are:

55 PUSH EBP
8BEC MOV EBP,ESP
83EC 18 SUB ESP,18
53 PUSH EBX
56 PUSH ESI
57 PUSH EDI
33C0 XOR EAX,EAX
8945 E8 MOV DWORD PTR SS:[EBP-18],EAX
8945 EC MOV DWORD PTR SS:[EBP-14],EAX
B8 B4FF5700 MOV EAX,dumped_.0057FFB4

After unpacking it, I also got the error message you did. But this error message is a blessing in disguise really.:-) The box ask you if you want to send a message to the author or not. And it aks you if you want to look at it. Take a look at it, and you'll find a referance to a call at the address 005807AA. By checking that out I quickly found out that by nop'ing it, the program runs fine.
I dumped the program using LordPE, not Olly.

regards,
hobgoblin
Reply With Quote