Exetools - View Single Post

#21 05-05-2004, 21:24

OEP is: 0049899C -> 0009899C

the 0 you see before this location belongs to some Dword value .. don't touch it!

but stolen bytes you give might be confuse... i tried

558BEC83C4D8B894834900

my exe is not crashing but ends somewhere where the programs quit or is not reading some part necessary to load ...

of course there are some aspr. checks as i said before... if you don't fix them the program will crash .... tip: RaiseException API

make sure also at 0042B68C the call dword has that RVA (dword value [FC824900]) in your dumped exe or will never work or even load at all

the only solution will be to trace with original one and step into the calls until program reach the code to be full loaded... then to trace with dumped one to see differences.

Call EAX @ 0040400E .... and where exactly is calling this.. RVA ?