Thread: Oberon Game: Agatha Christie Murder on Nile
View Single Post
  #3  
Old 07-15-2007, 06:20
ahmadmansoor's Avatar
ahmadmansoor ahmadmansoor is offline
Coder
  
Join Date: Feb 2006
Location: Syria
Posts: 1,047
Rept. Given: 517
Rept. Rcvd 374 Times in 142 Posts
Thanks Given: 380
Thanks Rcvd at 416 Times in 119 Posts
ahmadmansoor Reputation: 300-399 ahmadmansoor Reputation: 300-399 ahmadmansoor Reputation: 300-399 ahmadmansoor Reputation: 300-399
Lightbulb Try to use "Armadillo OpenMutexA"
If u use "Armadillo OpenMutexA" script , and u pass all Exceptions and after 2
CreateThread then go to RET and u will find this Call
00D6036D FFD1 CALL ECX which go u to The OEP
this Is :
004118D6 . 6A 60 PUSH 60 This is the OEP
004118D8 . 68 A8>PUSH 004326A8
004118DD . E8 56>CALL 00412238
004118E2 . BF 94>MOV EDI,94
004118E7 . 8BC7 MOV EAX,EDI
004118E9 . E8 32>CALL 00410720
004118EE . 8965 >MOV DWORD PTR SS:[EBP-18],ESP
004118F1 . 8BF4 MOV ESI,ESP
004118F3 . 893E MOV DWORD PTR DS:[ESI],EDI
004118F5 . 56 PUSH ESI ; /pVersionInformation
004118F6 . FF15 >CALL DWORD PTR DS:[42E298] ; \GetVersionExA
use ArmInline then Dump the file ,and u wil find it by PEiD is
Microsoft Visual C++ 7.0 [Debug]
that all i have.................................
Reply With Quote