Exetools  

#4
01-04-2005, 20:07
TmC
Hi... thanks to all for the suggestions. I tried the tutorial and the attaching, but no luck.

Here is what I did:

No need to bp on debugger present, Olly is not detected anyway.
Bp on WaitForDebugEvent, and click follow in dump (pDebugEvent 0012EFF8)
Bc on WaitForDebugEvent
Bp on WriteProcessMemory: no break.

The programs do not break on WriteProcessMemory. Looking in the process list I can already see 2 processes on break on WaitForDebugEvent.

So I Bp on WriteProcessMemory first: it breaks two times, but in the dump window I cannot see three equal values (like the tutorial says), so I cannot find the OEP.

Does any of you know what I'm doing wrong?

As for attaching to the decrypted son to see the version, I can't attach to anything; Olly says 'Cannot attach to proces xxxxx'.

Last edited by TmC; 01-04-2005 at 20:09.