Thread: Armadillo 2.85 Custom + CopyMem & Nanomites
View Single Post
  #4  
Old 01-04-2005, 20:07
TmC TmC is offline
VIP
  
Join Date: Aug 2004
Posts: 330
Rept. Given: 1
Rept. Rcvd 15 Times in 9 Posts
Thanks Given: 2
Thanks Rcvd at 23 Times in 17 Posts
TmC Reputation: 15
Hi...thanks to all for suggestions. I tried the tutorial and the attaching, but no luck.

Here is what i did:

No need to bp on debugger present, olly is not detected anyway.
Bp on WaitForDebugEvent, and click follow in dump (pDebugEvent 0012EFF8)
Bc on WaitForDebugEvent
Bp on WriteProcessMemory: no break.

The programs do not break on WriteProcessMemory. Looking in the processlist i can already see 2 processes on break on WaitForDebugEvent.

So i Bp on WriteProcessMemory first: it breaks two times, but in the dump window i cannot see three equal values(like tutorial says) so, cannot find oep.

Do someone of you know what i'm doing wrong?

As for the attaching of the decrypted son to see the version, i can't attach anything, olly says 'Cannot attach to proces xxxxx'.
Last edited by TmC; 01-04-2005 at 20:09.
Reply With Quote