|
I here have looked this PECompact 1.84 and have unpacked him.
I can tell, that a code of a kind:
:XXXXXXXX POPAD
:XXXXXXXX POPFD
:XXXXXXXX PUSH EAX
:XXXXXXXX PUSH XXXXXXXX
:XXXXXXXX RET 4
I observed many times in a code of the PECompact.
After bpm esp-4... etc. needed press F5(So much time - how many it is necessary to find OEP).
So probably it was necessary still pressed F5.
May be this (001B:00B65C58 55 PUSH EBP) not OEP!
If it is possible give the link to your program.
I am sorry for my horrible english.
|