Exetools  

  #1  
03-17-2004, 04:59
hobgoblin
Hi there

I found a few more stolen bytes than you did. Here they are:

55 PUSH EBP
8BEC MOV EBP,ESP
83EC 18 SUB ESP,18
53 PUSH EBX
56 PUSH ESI
57 PUSH EDI
33C0 XOR EAX,EAX
8945 E8 MOV DWORD PTR SS:[EBP-18],EAX
8945 EC MOV DWORD PTR SS:[EBP-14],EAX
B8 B4FF5700 MOV EAX,dumped_.0057FFB4

After unpacking it, I also got the error message you did. But this error message is a blessing in disguise really. :-) The box asks you if you want to send a message to the author or not. And it asks you if you want to look at it. Take a look at it, and you'll find a reference to a call at the address 005807AA. By checking that out I quickly found out that by nop'ing it, the program runs fine.
I dumped the program using LordPE, not Olly.

regards,
hobgoblin
All times are GMT +8.

