Thread: Entrypoint < 400000 ,then how to dump?[ASProtect 1.22 - 1.23 Beta 21]
View Single Post
  #5  
Old 12-12-2005, 18:38
winndy winndy is offline
VIP
  
Join Date: Sep 2005
Posts: 236
Rept. Given: 104
Rept. Rcvd 26 Times in 12 Posts
Thanks Given: 27
Thanks Rcvd at 16 Times in 13 Posts
winndy Reputation: 26
I got it!
Once again a brave knight saved a pooy guy...

And I moved the Nag.
Code:
00422370     A1 207A4300         mov eax,dword ptr ds:[437A20]  ==>patch here
00422375     50                  push eax
00422376     FF15 CC104000       call dword ptr ds:[<&kernel32.lstrlen>] ; kernel32.lstrlenA
0042237C     85C0                test eax,eax
0042237E     75 0E               jnz short HFFR_d__.0042238E         ===>must jump
00422380     50                  push eax
00422381     A3 08BE4000         mov dword ptr ds:[40BE08],eax
00422386     E8 D5000000         call HFFR_d__.00422460               ===>Nag window

let's see the memory:
00437A20  61 38 3E 00 00 00 00 00  a8>.....
00437A28  00 00 00 00 00 00 00 00  ........

Patch it:
00437A20  28 7A 43 00 00 00 00 00  (zC.....
00437A28  77 69 6E 6E 64 79 00 00  winndy..

No more Nags.
It's your honour,hosiminh.

Regards
Reply With Quote