Exetools  

  #1  
Old 09-28-2007, 21:42
abccc
 
Thanks GIT... and while I am trying to find a solution for this, I hope somebody could take a look at the code and give us any hints about that.
  #2  
Old 09-29-2007, 12:15
Sabor
hmm

You can load it in olly/ida/sice directly and don't need to unpack or fix anything. Just find the registration routine which accesses registry for reg info. Patch it to be nice and you should be done.
  #3  
Old 09-30-2007, 00:17
abccc
 
Quote:
Originally Posted by Sabor
You can load it in olly/ida/sice directly and don't need to unpack or fix anything. Just find the registration routine which accesses registry for reg info. Patch it to be nice and you should be done.

Well, I tried to run it under OllyDbg, it always crashes, and I think it has anti-debug tricks or something like that. Here is what I got:

00497D16 C600 00 mov byte ptr [eax], 0
error : access violation when writing to [00000000]

and it goes into a loop because I tried to continue with Shift+F9, and
I used a plugin to hide the debugger but with no luck at all....

Last edited by abccc; 09-30-2007 at 00:24.
  #4  
Old 10-01-2007, 07:20
Sabor
hmm

Do we have the same app?

Program Files\Proxy Switcher Standard

That's the dir I have and the .app is ProxySwitcher.exe, 4.15 MB. I place it in olly, ignoring all debug exceptions. I have normal antidebug. Also, the instruction at the address you pasted does not correspond. Try downloading the app again and doing a fresh install, I think your unpack attempt broke it.

00497D06 . B9 48804900 MOV ECX,ProxySwi.00498048 ; ASCII "InProcess debug forced."
00497D0B . B2 01 MOV DL,1
00497D0D . A1 BCA14000 MOV EAX,DWORD PTR DS:[40A1BC]
00497D12 . E8 5D69F7FF CALL ProxySwi.0040E674
00497D17 . E8 28BEF6FF CALL ProxySwi.00403B44
00497D1C > 6A 00 PUSH 0 ; /RootPathName = NULL
00497D1E . E8 09F9F6FF CALL <JMP.&kernel32.GetDriveTypeA> ; \GetDriveTypeA
00497D23 . 83F8 04 CMP EAX,4
00497D26 . 75 20 JNZ SHORT ProxySwi.00497D48
00497D28 . A1 04C46B00 MOV EAX,DWORD PTR DS:[6BC404]
00497D2D . 8338 01 CMP DWORD PTR DS:[EAX],1
00497D30 . 74 16 JE SHORT ProxySwi.00497D48
00497D32 . B9 68804900 MOV ECX,ProxySwi.00498068 ; ASCII "Shellexecute wont work properly on network drive."

That's what I have for that addr. So reinstall the app, start fresh, and just load it directly in olly and see what you get.
DONGS