Thanks everybody, this info is much more than I could have hoped for, so I'll give it a go in OllyDbg.
Quote:
|
Originally Posted by zaratustra
....if for example you use PEiD on g3tright 5 (the one from
Ricardo's tutorial) you will get a wrong version.
Only a question:
I've tried the tutorial too, on win2k, and it was impossible for
me to break with Olly on the kernel32 API which detaches the
father from the son. Why is it not possible on win2k?
cheers z.
|
I think Ricardo said that it was only XP .dll's that had the necessary functions to separate the son and father processes.... Someone also said that it was still possible though to dump it once we had it in the loop, but I wasn't successful when I tried a few months ago.
This new app isn't copymem, so maybe have better luck with this one.
paul333