Exetools  

Go Back   Exetools > General > General Discussion
Reload this Page Unpacking G6FTP 3.0
Register Forum Rules FAQ Calendar

Notices

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #20  
Old 05-05-2004, 21:24
Crk
 
Posts: n/a
OEP is: 0049899C -> 0009899C

the 0 you see before this location belongs to some Dword value .. don't touch it!

but stolen bytes you give might be confuse... i tried

558BEC83C4D8B894834900

my exe is not crashing but ends somewhere where the programs quit or is not reading some part necessary to load ...

of course there are some aspr. checks as i said before... if you don't fix them the program will crash .... tip: RaiseException API

make sure also at 0042B68C the call dword has that RVA (dword value [FC824900]) in your dumped exe or will never work or even load at all

the only solution will be to trace with original one and step into the calls until program reach the code to be full loaded... then to trace with dumped one to see differences.

Call EAX @ 0040400E .... and where exactly is calling this.. RVA ?
Last edited by Crk; 05-05-2004 at 21:41.
Reply With Quote
 

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


All times are GMT +8. The time now is 07:15.

Aaron's homepage - Top

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( Since 1998 )