|
|
#32
03-29-2004, 11:41
|
|||
|
|||
|
HEY!
I believe I found the solution... the problem is I'm tired and have to get up for work at 5am. Right before the: XOR DWORD PTR DS:[EAX],EAX is always: MOV DWORD PTR FS:[EAX],ESP keeping this in mind I did this: DEBUG->SET CONDITION CHECK -> COMMAND IS ONE OF and enter into the box: MOV DWORD PTR FS:[EAX],ESP CLICK OK (to exit Set Condition Window) To save on a lengthy trace at the very start I did a Hardware BP at address: 9741A1 ( MOV DWORD PTR FS:[EAX],ESP ). I did a NOP on the XOR[EAX],EAX and then continued with CTRL+F11 (trace) till the next one... and the next.... Now I need to do this till I get to the SEH XOR[EAX],EAX @ address 974350 which should be the area before the Registry is read for the "Key". I will confirm this tomorrow unless someone else out there does it first  Please let me know if this is correct/incorrect. Just a reminder that on my system during this session my first SEH error address is at 9741A4, then 973AC1, then 973B09... there are too many to list... you get the idea. Nite! 
|
| Thread Tools | |
| Display Modes | |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| ASProtect SKE unpacking | TempoMat | General Discussion | 10 | 08-24-2016 17:48 |
| need help unpacking ASProtect | Fade | General Discussion | 8 | 05-25-2011 22:12 |
| Unpacking asprotect | britedream | General Discussion | 7 | 09-01-2004 01:46 |
Threaded Mode