Exetools  

Go Back   Exetools > General > General Discussion
Reload this Page Help a newby cracker
Register Forum Rules FAQ Calendar

Notices

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #4  
Old 02-17-2005, 15:18
LaDidi LaDidi is offline
VIP
  
Join Date: Aug 2004
Posts: 222
Rept. Given: 2
Rept. Rcvd 11 Times in 10 Posts
Thanks Given: 64
Thanks Rcvd at 54 Times in 29 Posts
LaDidi Reputation: 11
An other idea
Are you sure that you don't have any call to CreateProcess ?
During the execution of the "original" proggy, some funny guys create a .exe in \TEMP (fo example) who do the the job so....
Maybe use FileMon to verify ?
To be sure of the win32 API used to check the registry, do you use RegMon ?
No, I do not work for SysInternals :-)

Maybe it will be a good idea to NOT BreakPoint at the begiginning of the Reg* API but at 3 or 4 ASM instructions after due to some stolen bytes by some proggy :-) YES, some proggy do not go at the beginning but step ahead. The begining is always the same boring : push ebp; mov ebp, esp; ....

Have fun !
Last edited by LaDidi; 02-17-2005 at 15:27.
Reply With Quote
 

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
CRC Cracker CodeCracker Community Tools 4 10-18-2017 12:18


All times are GMT +8. The time now is 13:15.

Aaron's homepage - Top

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( Since 1998 )