|
|
#11
02-13-2004, 02:58
|
|||
|
|||
|
Okay, I've tried something else.
1. Relocation table: Taking a look at 2EA9C4, it seems clear that the relocation table is empty, since there is only the header of the fix-up block (manipulated by ASPR?). I pushed that part to 231000, since there should be the original rel. table. After that I've fixed the directory table entry to 231000. No problem. 2. Thread Locale Storage: Examining addr 2ea9cc (place of TLS directory), I've found the following data: Raw Data Start: 62F000 (- base = 22F000 => empty section) -"- End : 62F01C Index : 6140C4 (some zeros inside of .data) Callbacks : 630010 (-base = 230010; hmmm... looks interesting, since at 630000 there's an exact copy of the TLS at 2ea9cc...) Size of Zerofill : 0 Characteristics: 0 First I've simply tried to transfer those 24 bytes to 22e00 and fix the directory table entry for TlsTable accordingly. It works, as long as I don't delete the .data section  Now I've got not the slightest idea on how to proceed... At the moment, I'm trying to find out if any code in the .data section is executed, but it doesn't look like that would happen. So I'm afraid I'll need another hint  Regards Wurstgote 
|
| Thread Tools | |
| Display Modes | |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| one newbie question | SubzEro | General Discussion | 7 | 03-12-2015 06:05 |
| ASPR, ARMA question | sgdt | General Discussion | 3 | 04-09-2006 03:38 |
| ASPR 1.2 question | gabri3l | General Discussion | 42 | 05-01-2004 15:09 |
| a newbie question about CRC32 | abccc | General Discussion | 13 | 04-23-2004 03:13 |
| "newbie" question for crackers ;) | newbie007 | General Discussion | 4 | 10-07-2003 04:46 |
Threaded Mode