Hi JuneMouse, I think I understand what you are saying. Here's what I found.
Here's the call I was speaking about:
00398228 3348 38 XOR ECX,DWORD PTR DS:[EAX+38]
0039822B 3348 30 XOR ECX,DWORD PTR DS:[EAX+30]
0039822E 2BF9 SUB EDI,ECX
00398230 FFD7 CALL EDI
00398232 8BD8 MOV EBX,EAX
00398234 5F POP EDI
If I place a BP @ 00398230h and ignore the warning, the debugger doesn't break.
Instead I land here:
10137567 >/$ 55 PUSH EBP
Olly says that this is the module entry point. How can I be sure of this? I dump from this address and then?
This packed DLL has a time trial based protection too. Will it be possible to unpack without a valid name and key?
You'll understand why I don't want to be spending time on something that can be broken.
5aLIVE