04-30-2003, 20:19
asterix
I do not know how you copied it from SoftICE there, but the OEP is this:

301B:00CFD54E 61 POPAD
301B:00CFD54F 9D POPFD ///Restore registers
301B:00CFD550 50 PUSH EAX
301B:00CFD551 60505CB600 PUSH 00B65C50 <---put OEP on the stack
301B:00CFD556 C20400 RET 4

If you are at eip=00CFD551 (PUSH 00B65C50), give the commands:
a eip
jmp eip

But it is necessary to remember about the "nop".
Or use the !SUSPEND command with IceExt.
Then open LordPE, dump it, and restore the imports!!!

I do not know what problems there are with the imports.
Maybe use ImpRec?

Last edited by asterix; 04-30-2003 at 20:29.