Welcome Vam between us .... and Thanks for response .
I will send the target to ur PM , sorry from all , it is a private software .
Edit:
after it decoded "kernel32.GetVersion" , it produce the trc file , but not produce log file and olly exit
Quote:
|
005C83ED 8DBF EC6A>lea edi, dword ptr [edi+B5826AEC]
|
in trc file it end at
but the function end at
Quote:
005C8415 C2 4000 ret 40
to back to this :
|
Quote:
00447370 E8 0F6F12>call unpacked.0056E284 >>>>> Function
00447375 57 push edi >>>> back from ret 40
00447376 FFD6 call near esi ; kernel32.GetVersion
|
does VMware affect on the work of this plugin or not ??!!