Quote:
Originally Posted by Messer
hacnho described a very good way in his tutorials about IAT-Elimination to find the magic jump. This method also works very well here.
Hi Messer, I took a look at hacnho's methods of finding the magic jump. I was using Madman Hercules' tut on unpacking a DLL packed with Arma 4.xx.
It describes patching two jumps, one to stop IAT destruction and one for anti-dump (GetTickCount).
I guess you must have used the same technique as Archer when he looked at an earlier version which I couldn't get to load without error on my system. He only me a single patch and then dumped it.
Quote:
Originally Posted by Messer
I've unpacked the dll now, but my problem is the relocations...
Archer also had trouble with the relocs. Is the reloc table still there in the dump or has it been wiped? If it has been wiped, could it just be that the "Wipe Relocation" option in LordPE is checked? I've found some information on fixing relocs which I'll compile and post later.
Quote:
Originally Posted by Messer
Also make sure you don't use normal breakpoints on the APIs because Arma detects them and will then crash the program.
I've only been using HW BPs when debugging the DLL.
Quote:
Originally Posted by Messer
Then set a bp on the .text-section. Next time you break you should have reached the OEP. Dump with LordPE and fix Imports.
That's what I've been doing to find the OEP, only it crashes after I have made the patches. I can't have applied the right patches if it is crashing at OEP. Damn.
Thanks for your help.
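The question above about whether the reloc table is "still there or wiped" can be answered by reading the dump's base relocation directory instead of guessing. The following is an added example, written for this thread and not code from any poster or from LordPE: it walks the IMAGE_BASE_RELOCATION blocks of a .reloc data directory, lists the RVAs the loader would fix up, and classifies the table as present, wiped (bytes zeroed but directory still pointing at them) or missing (directory entry cleared). The `build_block` helper, the sample bytes, the directory RVA 0x3000 and all page offsets are constructed for illustration; the structure layout and type codes follow the PE/COFF specification.

```python
import struct

# Relocation entry types from the PE/COFF spec (winnt.h IMAGE_REL_BASED_*).
IMAGE_REL_BASED_ABSOLUTE = 0   # padding entry, performs no fixup
IMAGE_REL_BASED_HIGHLOW = 3    # 32-bit absolute address (typical for x86 DLLs)
IMAGE_REL_BASED_DIR64 = 10     # 64-bit absolute address (x64 images)


def parse_base_relocations(reloc_bytes):
    """Walk IMAGE_BASE_RELOCATION blocks, returning [(page_rva, [(offset, type), ...]), ...].

    Each block is a DWORD VirtualAddress (page RVA) and a DWORD SizeOfBlock that covers
    the 8-byte header plus its WORD entries. In each entry the high 4 bits are the type
    and the low 12 bits are the offset within the page. A zero SizeOfBlock ends the walk,
    which is what zero padding, and a zeroed-out table, look like.
    """
    blocks = []
    pos = 0
    while pos + 8 <= len(reloc_bytes):
        page_rva, block_size = struct.unpack_from("<II", reloc_bytes, pos)
        if block_size == 0:
            break
        if block_size < 8 or (block_size - 8) % 2 or pos + block_size > len(reloc_bytes):
            raise ValueError("malformed relocation block at offset 0x%x" % pos)
        entries = [
            (word & 0x0FFF, word >> 12)
            for (word,) in struct.iter_unpack("<H", reloc_bytes[pos + 8:pos + block_size])
        ]
        blocks.append((page_rva, entries))
        pos += block_size
    return blocks


def fixup_rvas(blocks):
    """RVAs of every location the loader would patch; ABSOLUTE padding entries are skipped."""
    return [page_rva + off
            for page_rva, entries in blocks
            for off, typ in entries if typ != IMAGE_REL_BASED_ABSOLUTE]


def reloc_table_status(dir_rva, dir_size, reloc_bytes):
    """Classify the base relocation directory of a dumped image.

    'missing' : data directory entry cleared (RVA or size is zero).
    'wiped'   : directory still points at data, but no real fixup entries survive.
    'present' : at least one non-ABSOLUTE entry is there.
    """
    if dir_rva == 0 or dir_size == 0:
        return "missing"
    if not fixup_rvas(parse_base_relocations(reloc_bytes[:dir_size])):
        return "wiped"
    return "present"


def build_block(page_rva, offsets, typ=IMAGE_REL_BASED_HIGHLOW):
    """Constructed test data: one relocation block, DWORD-aligned with an ABSOLUTE pad entry."""
    words = [(typ << 12) | (off & 0x0FFF) for off in offsets]
    if len(words) % 2:
        words.append(IMAGE_REL_BASED_ABSOLUTE << 12)  # 0x0000 padding word
    size = 8 + 2 * len(words)
    return struct.pack("<II", page_rva, size) + struct.pack("<%dH" % len(words), *words)


# Constructed sample: what an intact .reloc directory of a small 32-bit DLL might hold.
SAMPLE_RELOCS = build_block(0x1000, [0x010, 0x024, 0x03C]) + build_block(0x2000, [0x008])
# Constructed sample: same directory size, but the bytes were zeroed by the dump tool.
WIPED_RELOCS = b"\x00" * len(SAMPLE_RELOCS)

if __name__ == "__main__":
    blocks = parse_base_relocations(SAMPLE_RELOCS)
    print("blocks:", len(blocks), "fixup RVAs:", [hex(r) for r in fixup_rvas(blocks)])
    print("intact dump:", reloc_table_status(0x3000, len(SAMPLE_RELOCS), SAMPLE_RELOCS))
    print("wiped dump: ", reloc_table_status(0x3000, len(WIPED_RELOCS), WIPED_RELOCS))
    print("cleared dir:", reloc_table_status(0, 0, b""))
```

On a real dump, `dir_rva` and `dir_size` come from optional-header data directory entry 5 (IMAGE_DIRECTORY_ENTRY_BASERELOC) and `reloc_bytes` from the section that contains that RVA; a "missing" result with a DLL that clearly needs rebasing points at the dump tool's settings rather than at the protector.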