|
|
#23
12-01-2003, 17:03
|
|||
|
|||
|
To svensk:
I did unpack dap, here the info: oep and Iat is given earlier,but stolen bytes are: 004C7B2A > $ 55 PUSH EBP 004C7B2B . 64:8925 00000000 MOV DWORD PTR FS:[0],ESP 004C7B32 . 83EC 68 SUB ESP,68 004C7B35 . 64:FF35 00000000 PUSH DWORD PTR FS:[0] 004C7B3C . 8965 E8 MOV DWORD PTR SS:[EBP-18],ESP 004C7B3F . 33DB XOR EBX,EBX mov dword ptr ss:[ebp-4],ebx ; [missed] 004C7B41 . FF15 70204E00 CALL NEAR DWORD PTR DS:[<&msvcrt.__set_app_type>] ; msvcrt.__set_app_type pop ecx [missed] 004C7B47 . 830D 703D5300 FF OR DWORD PTR DS:[533D70],FFFFFFFF 004C7B4E . 830D 743D5300 FF OR DWORD PTR DS:[533D74],FFFFFFFF 004C7B55 . FF15 6C204E00 CALL NEAR DWORD PTR DS:[<&msvcrt.__p__fmode>] ; msvcrt.__p__fmode 004C7B5B . 8B0D 3C3A5300 MOV ECX,DWORD PTR DS:[533A3C] 004C7B61 . 8908 MOV DWORD PTR DS:[EAX],ECX 004C7B63 . FF15 34204E00 CALL NEAR DWORD PTR DS:[<&msvcrt.__p__commode>] ; msvcrt.__p__commode 004C7B69 . 8B0D 383A5300 MOV ECX,DWORD PTR DS:[533A38] 004C7B6F . 8908 MOV DWORD PTR DS:[EAX],ECX 004C7B71 . A1 3C204E00 MOV EAX,DWORD PTR DS:[<&msvcrt._adjust_fdiv>] mov eax,dword ptr ds:[eax] ; missed 004C7B76 . A3 6C3D5300 MOV DWORD PTR DS:[533D6C],EAX at address :48bc63 = push 48bd65 ,retn copy section 00C00000 from orignal file to the unpacked and svkp1.3 will be history. britedream Regards Last edited by britedream; 12-07-2003 at 22:26. 
|
| Thread Tools | |
| Display Modes | |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| svkp | infern0 | General Discussion | 3 | 06-05-2011 18:34 |
| SVKP 1.3x unpacking | codeX | General Discussion | 10 | 01-28-2005 22:03 |
| The new svkp 143 | britedream | General Discussion | 3 | 09-19-2004 22:22 |
Threaded Mode