08-27-2005, 02:42
5Alive
Apologies for my poor etiquette, JMI. I was just exercising my train of thought; I'll seek to do this in smaller confines from now on.

@taos thanks for replying. I understand what you are saying about dumping within the time limit.

I have since managed to find the OEP using AvAtArs script and dump the DLL. I need to look into fixing the IAT as I understand that this has been destroyed.
The dump certainly doesn't work at the moment.
UPDATE: I attached to the DLL using impREC and it already has the correct OEP displayed? I wasn't expecting that to be the case.

There are no invalid thunks. I selected fix dump and tried to run it, and it fails saying that the program is damaged with a bad sector or virus.

Any suggestions where I'm going wrong?




I have already tried using John Who's Trial Doctor 1.3; it doesn't find any registry entries, but it does find and delete a .tmp file. This isn't enough to reset the trial period.

For the moment, I just restored an image that was created before installing the target. I read that I need to use a reg snapshot tool of some sort and monitor the Win folder to find what is being changed.

5aLIVE

Last edited by 5Alive; 08-27-2005 at 06:40.