|
|
#11
02-14-2004, 10:27
|
|||
|
|||
|
[QUOTE]Originally posted by Wurstgote
[B]It's me again  . First I've tried to follow britedreams suggestions, but either his ideas were way beyond my head or Win XP behaves different than Win 2K.; so I had to do it on my own. I've loaded the dumped app into Olly and let it run. As soon as I try to access the "Options" in the "Tools" menu, Olly pops up with an access violation at 57891e. The code around looks like this: 0057890C /$ PUSH EBP 0057890D |. MOV EBP,ESP 0057890F |. PUSH ECX 00578910 |. PUSH EBX 00578911 |. MOV EAX,DWORD PTR DS:[40781E] ;<&kernel32.GetModuleHandleA> 00578917 |. MOV EBX,DWORD PTR DS:[EAX] 00578919 |. PUSH DWORD PTR DS:[EBX] 0057891B |. MOV DWORD PTR SS:[EBP-4],EBX 0057891E |. POP DWORD PTR DS:[EBX] 00578920 |. MOV EAX,DWORD PTR SS:[EBP-4] 00578923 |. POP EBX 00578924 |. POP ECX 00578925 |. POP EBP 00578926 \. RETN So I've put a breakpoint on 578911 and single-stepped through the code. ----------------------------------- you should bp 578911 in the orignal and follow the [40781e] to find the correct value. on your pc 578911 is the correct address for code that I changed in my earlier post. Last edited by britedream; 02-14-2004 at 10:33. 
|
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| one newbie question | SubzEro | General Discussion | 7 | 03-12-2015 06:05 |
| ASPR, ARMA question | sgdt | General Discussion | 3 | 04-09-2006 03:38 |
| ASPR 1.2 question | gabri3l | General Discussion | 42 | 05-01-2004 15:09 |
| a newbie question about CRC32 | abccc | General Discussion | 13 | 04-23-2004 03:13 |
| "newbie" question for crackers ;) | newbie007 | General Discussion | 4 | 10-07-2003 04:46 |
Threaded Mode