Thread: ASPR 1.2 question
View Single Post
  #21  
Old 04-29-2004, 23:36
JMI JMI is offline
Leader
  
Join Date: Jan 2002
Posts: 1,627
Rept. Given: 5
Rept. Rcvd 199 Times in 99 Posts
Thanks Given: 0
Thanks Rcvd at 98 Times in 96 Posts
JMI Reputation: 100-199 JMI Reputation: 100-199
britedream and R@dier:

Man, one shouldn't try to write analysis of issues at 2:00 AM after getting very little sleep for a couple of days. Reading my last post after a few hours sleep, I wonder how I could have written "00A60019-00A6005C and/or 00A10671 and 00A10019" were within the code range of "00401000 to 00499000." Somehow, even though I typed 00A1 or 00A6, my tired brain read them as 0041 and 0046. (No excuse sir, hadn't even had anything to drink.)

That said, I've made sure my exceptions were set the same as yours, either with or without the other exceptions marked besides the "ignore" kernel32. I'd had the kernel32 box checked already. Using your "search," I easily located the two calls and BP'd on that location, continued pressing SHIFT+F9 until it broke there. Then, just for a test, I moved up in the display and put a BP on 00A10019 (recognizing, this time it was actually an "A" and not a "4" ) and went back to pressing SHIFT+F9 (without NOPing the Call you indicated) just to see if the program would break in what we all knew should have been the "last" excption. I still never reached it.

For some reason, I'm still ending up at 00A111D3 and the routine which leads to the error message, even though I'm still using exactly the same method of attack which worked perfectly on a couple of other ASPR targets. In case it was something you didn't mention, the only plugins I have installed at the moment are the command line and bar, hide debugger, and Ollydump, although, at the moment I don't see why that would make a difference. As soon as I get a chance, I'll try Britedream's new script and/or single stepping from that Call to see if I can find where it goes "wrong".

As I said before, for me the "strange" thing here is that at the moment my tracing is getting misdirected by something I haven't figured out yet. I knew what the last exception was supposed to look like and can even find it in the code. I just haven't yet been able to make my Olly get there. But, after all, trying to solve these challenges is why we do this in the first place.

Thanks for the information. It confirms there is something "strange" going on in my setup that you all are not experiencing.

Regards,
__________________
JMI
Reply With Quote