|
|
#13
01-29-2006, 05:44
|
||||
|
||||
|
Its link is 7 posts above :
http://rapidshare.de/files/11875194/notepad.armadillo.4.40.custom.all.protections-DappA.zip.html Use script attached in first post. In step 5, put MSG "Step 5" to see it will execute 3 times, but it must be 1. Code:
Step5: bc CreateThread rtu eob Step6 find eip, #33????33????2B??FF??8?# mov CallOEP, $RESULT add CallOEP, 8 bp CallOEP run I emphasize again, step by step execution gives same result as expected, but running it has fault result ! I don't know why, but this part of Step 3 is the cause of this error : Code:
... ... find eip,#8B85????FFFF3B85????FFFF731D8B85????FFFF8B8D????FFFF89088B85????FFFF83C004# cmp $RESULT,0 je Step4 mov WriteIAT,$RESULT add WriteIAT,1A bpl WriteIAT,"eax" log " " log "Import Table Addresses : " log " " find eip,#E9????FFFF8B85????FFFF8985????FFFFFFB5????FFFFE8????00005983BD????FFFF000F84????0000# cmp $RESULT,0 je exit mov EndofIAT,$RESULT add EndofIAT,5 bp EndofIAT I hope you can solve this.  Regards Last edited by Newbie_Cracker; 01-29-2006 at 05:55. 
|
|
|
Threaded Mode