Quote:
|
Originally Posted by MaRKuS-DJM
i think this armadillo should be no problem. if there's really no copymem, a BP CreateThread leads you near OEP. step two calls out and look down. there should be a call EDI which leads you into OEP
|
OK thanks Markus im now attempting this at the mo
..can u clarify what u mean "step 2 calls out" ?
Ive loaded my app into ollydegub..set it to break "entry point of main module" in options
..did "BP CreateThread" in commandline plugin then F9'd it landed me in kernel.32.dll..ok..does "step 2 calls out" mean 2 returns from there/here ?...
sorry for mix up
paul333