#1
Getting to the OEP is easy but I can't find the end and start of the IAT!
Any suggestions on how to find it?
#2
Go to 401000 and then search for FF25 and you have an entry of the IAT... and then you can find the beginning and the end. Then set a hardware BP on write on the first IAT value and let it run until it has the values which it had when you set the BP. You should be in a loop then, where you find a jump which makes the IAT work for you.
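The FF25 search from the reply above, written as a static scan over a dumped code section when unpacking a sample for analysis. This is an added example, not code from the thread; it assumes a 32-bit image, and the function name, the `max_gap` heuristic and the sample bytes are constructed for illustration.

```python
import struct

def find_iat_range(code, image_lo, image_hi, max_gap=0x20):
    """Collect operands of FF 25 (jmp dword ptr [abs32]) thunks in a dumped
    32-bit code section and return (start, end, slots) for the densest run."""
    targets = set()
    pos = code.find(b"\xff\x25")
    while pos != -1 and pos + 6 <= len(code):
        (addr,) = struct.unpack_from("<I", code, pos + 2)
        # FF 25 also occurs by chance inside other instructions and data:
        # keep only 4-byte-aligned operands that point inside the image.
        if image_lo <= addr < image_hi and addr % 4 == 0:
            targets.add(addr)
        pos = code.find(b"\xff\x25", pos + 1)
    if not targets:
        return None
    # Group referenced slots into runs. Slots reached via FF 15 calls and the
    # null dwords between DLLs leave small holes, so tolerate gaps up to
    # max_gap (a heuristic chosen for this example).
    runs, cur = [], []
    for a in sorted(targets):
        if cur and a - cur[-1] > max_gap:
            runs.append(cur)
            cur = []
        cur.append(a)
    runs.append(cur)
    best = max(runs, key=len)
    return best[0], best[-1] + 4, best

def _thunk(addr):
    """Encode one jmp dword ptr [addr] thunk for the constructed sample."""
    return b"\xff\x25" + struct.pack("<I", addr)

# Constructed sample: three thunks into one table, one operand outside the
# image (false positive) and one isolated in-image operand.
SAMPLE = (b"\x90" * 4 + _thunk(0x00405000) + _thunk(0x00405004)
          + _thunk(0x0040500C) + b"\x90" * 3
          + _thunk(0x12345678)
          + _thunk(0x00403000))

if __name__ == "__main__":
    start, end, slots = find_iat_range(SAMPLE, 0x00400000, 0x00410000)
    print(f"IAT candidate: {start:#x}-{end:#x} ({len(slots)} referenced slots)")
```

The returned range covers only slots referenced by jump thunks, so check the neighbouring dwords in the dump before treating it as the full table.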
#3
There are different IAT protections. Mostly I saw one type which was easy to fix:
there was a msvcrt._stricmp, and after this a JE. If you change it to JMP, the IAT will be auto-fixed. To find this, set a hardware BP on any IAT entry, and when you are at the command where it is written, search up for this stricmp. Good luck.