|
lorn, if you have more to add to a subject please use the edit button rather than double posting.
In regards to Satyric0n's post I had the same problem on Win XP SP2. It would not run correctly packed or unpacked. It only ran on my Win 2000 computer.
I reached 500000 by adding the virtual address space of 400000 to the size of the code section. When your executable is run it is loaded into memory. For more info check out hxxp://msdn.microsoft.com/library/default.asp?url=/library/en-us/memory/base/virtual_address_space.asp
So with a code section starting at 1000 and a virtual address space starting at 400000 you get 401000 as the start of the code section when it is loaded into memory. Now you know that the size of your code section is 113000. So 401000 + 113000 gives you 514000. That is the end of your code section. I just rounded down to 500000 but to be specific you would have traced until eip < 514000.
|