|
|
#8
06-22-2004, 14:07
|
||||
|
||||
|
Nice tut about finding the jump to OEP in aspack 2.11. This hardware breakpoint on ESP value method also works for v2.12.
 The difference between v2.11 and v2.12 is that in v2.11 you can't find the signature bytes for the jump to OEP. It seems to me that the section for the signature bytes in v2.11 will be decrypted by the unpacking routine. (I see this is already explained here: http://exetools.com/forum/showthread.php?t=4072&highlight=ASPACK) I downloaded GetDataBack for NTFS v2.25. When debugging I see this XOR code: Quote:
 So if possible, upload the exe you used in your previous section and I'll try to inline patch it.  Or can someone explain how to break on the XOR code?
__________________
thedutchjewel.freehostia.com Last edited by TheDutchJewel; 06-22-2004 at 14:50. 
|
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Having trouble locating the jump | CrAcKaHoLic | General Discussion | 2 | 09-10-2003 00:08 |
Threaded Mode