|
Thank you for the response. I've been working on this for the past few days. And been getting a little turned around on it. I have made a dump that will load the program but my import table is all screwed up so any menu function etc... will crash the prog, I was using ImportREC to do the IAT but I think it may take a little more of a hands on approach because it just will not rebuild properly.
I have come to the conclusion that there are no stolen bytes. The trace confirms it as does ASPRstripper. (honestly, a little dissapointed i was hoping to work with stolen bytes when i saw the three pops) I suppose where you indicated a RET, since there are no stolen bytes I immediately JMP rather than returning and stealing bytes. I could not figure out why I was not hitting any returns after my last exception. And getting curious because none of my dumps seemed to work correctly. Thank you JMI for the help.
|
04-28-2004, 07:30
Similar Threads
Threaded Mode