Exetools


SvensK 04-16-2004 01:59

For MaRKuS-DJM
 
I know you cracked a version of CloneCD, so I'd like some help with it :)

I have dumped the exe and rebuilt the IAT fine and all looks good except a few imports that look very different from the ones I find in the original .exe.

Here's what it's supposed to be:
00500E0C $-FF25 A8A15400 JMP DWORD PTR DS:[54A1A8] ; elbycdio.ElbyCDIO_CloseTarget
00500E12 $-FF25 ACA15400 JMP DWORD PTR DS:[54A1AC] ; elbycdio.ElbyCDIO_DeInitScsi
00500E18 $-FF25 B0A15400 JMP DWORD PTR DS:[54A1B0] ; elbycdio.ElbyCDIO_DisablePowerSaving
00500E1E $-FF25 B4A15400 JMP DWORD PTR DS:[54A1B4] ; elbycdio.ElbyCDIO_Eject
00500E24 $-FF25 B8A15400 JMP DWORD PTR DS:[54A1B8] ; elbycdio.ElbyCDIO_EnablePowerSaving
00500E2A $-FF25 BCA15400 JMP DWORD PTR DS:[54A1BC] ; elbycdio.ElbyCDIO_ExDoScsiIO
00500E30 $-FF25 C0A15400 JMP DWORD PTR DS:[54A1C0] ; elbycdio.ElbyCDIO_GetDllVersion
00500E36 $-FF25 C4A15400 JMP DWORD PTR DS:[54A1C4] ; elbycdio.ElbyCDIO_GetDriveName
00500E3C $-FF25 C8A15400 JMP DWORD PTR DS:[54A1C8] ; elbycdio.ElbyCDIO_GetDriverVersion
00500E42 $-FF25 CCA15400 JMP DWORD PTR DS:[54A1CC] ; elbycdio.ElbyCDIO_GetFileVersion
00500E48 $-FF25 D0A15400 JMP DWORD PTR DS:[54A1D0] ; elbycdio.ElbyCDIO_GetMaxTransferSize
00500E4E $-FF25 D4A15400 JMP DWORD PTR DS:[54A1D4] ; elbycdio.ElbyCDIO_GetOSVersion
00500E54 $-FF25 D8A15400 JMP DWORD PTR DS:[54A1D8] ; elbycdio.ElbyCDIO_InitScsiAspi
00500E5A $-FF25 DCA15400 JMP DWORD PTR DS:[54A1DC] ; elbycdio.ElbyCDIO_LockTarget
00500E60 $-FF25 E0A15400 JMP DWORD PTR DS:[54A1E0] ; elbycdio.ElbyCDIO_OpenTarget3
00500E66 $-FF25 E4A15400 JMP DWORD PTR DS:[54A1E4] ; elbycdio.ElbyCDIO_PreventAllowMediumRemoval
00500E6C $-FF25 E8A15400 JMP DWORD PTR DS:[54A1E8] ; elbycdio.ElbyCDIO_RegCreateKeyEx
00500E72 $-FF25 ECA15400 JMP DWORD PTR DS:[54A1EC] ; elbycdio.ElbyCDIO_SameBus
00500E78 $-FF25 F0A15400 JMP DWORD PTR DS:[54A1F0] ; elbycdio.ElbyCDIO_UsesWinASPI32
00500E7E $-FF25 F4A15400 JMP DWORD PTR DS:[54A1F4] ; elbycdio.IoRemHead
00500E84 .-FF25 50A25400 JMP DWORD PTR DS:[54A250] ; elbyecc.BCD2BIN
00500E8A $-FF25 54A25400 JMP DWORD PTR DS:[54A254] ; elbyecc.BCDtoLBA
00500E90 .-FF25 58A25400 JMP DWORD PTR DS:[54A258] ; elbyecc.BIN2BCD
00500E96 $-FF25 5CA25400 JMP DWORD PTR DS:[54A25C] ; elbyecc.CheckSector
00500E9C $-FF25 60A25400 JMP DWORD PTR DS:[54A260] ; elbyecc.CheckSectors
00500EA2 $-FF25 64A25400 JMP DWORD PTR DS:[54A264] ; elbyecc.GenerateSector
00500EA8 $-FF25 68A25400 JMP DWORD PTR DS:[54A268] ; elbyecc.IdentifyTrack
00500EAE $-FF25 6CA25400 JMP DWORD PTR DS:[54A26C] ; elbyecc.LBAtoBCD
00500EB4 $-FF25 70A25400 JMP DWORD PTR DS:[54A270] ; elbyecc.LBAtoMSF
00500EBA $-FF25 74A25400 JMP DWORD PTR DS:[54A274] ; elbyecc.MSFtoBCD
00500EC0 $-FF25 78A25400 JMP DWORD PTR DS:[54A278] ; elbyecc.MSFtoLBA
00500EC6 $-FF25 7CA25400 JMP DWORD PTR DS:[54A27C] ; elbyecc.MSFtoULBA
00500ECC $-FF25 80A25400 JMP DWORD PTR DS:[54A280] ; elbyecc.RawScrambleSector
00500ED2 $-FF25 84A25400 JMP DWORD PTR DS:[54A284] ; elbyecc.ReGenECCAndEDC
00500ED8 $-FF25 88A25400 JMP DWORD PTR DS:[54A288] ; elbyecc.ReGenECCAndEDC_Mode1
00500EDE $-FF25 8CA25400 JMP DWORD PTR DS:[54A28C] ; elbyecc.ReGenECCAndEDC_Mode2Form1
00500EE4 .-FF25 90A25400 JMP DWORD PTR DS:[54A290] ; elbyecc.SyncByteTemplate
00500EEA $-FF25 94A25400 JMP DWORD PTR DS:[54A294] ; elbyecc.ULBAtoBCD
00500EF0 $-FF25 98A25400 JMP DWORD PTR DS:[54A298] ; elbyecc.UnScrambleSector
00500EF6 $-FF25 9CA25400 JMP DWORD PTR DS:[54A29C] ; elbyecc.UnScrambleSectors
00500EFC $-FF25 BCA25400 JMP DWORD PTR DS:[54A2BC] ; ccddrive.CCDDriver_CloseDriveInfo
00500F02 $-FF25 C0A25400 JMP DWORD PTR DS:[54A2C0] ; ccddrive.CCDDriver_ExGetDriveInfo2
00500F08 $-FF25 C4A25400 JMP DWORD PTR DS:[54A2C4] ; ccddrive.CCDDriver_ExcludeDrive
00500F0E $-FF25 C8A25400 JMP DWORD PTR DS:[54A2C8] ; ccddrive.CCDDriver_GetTable
00500F14 $-FF25 CCA25400 JMP DWORD PTR DS:[54A2CC] ; ccddrive.CCDDriver_Open

And here's what I have at that place in my dumped exe:
00500E0C $-FF25 A8A15400 JMP DWORD PTR DS:[54A1A8] ; LgWndHk.10003550
00500E12 $-FF25 ACA15400 JMP DWORD PTR DS:[54A1AC] ; LgWndHk.10002710
00500E18 $-FF25 B0A15400 JMP DWORD PTR DS:[54A1B0] ; LgWndHk.10004050
00500E1E $-FF25 B4A15400 JMP DWORD PTR DS:[54A1B4] ; LgWndHk.10002730
00500E24 $-FF25 B8A15400 JMP DWORD PTR DS:[54A1B8] ; LgWndHk.10004120
00500E2A $-FF25 BCA15400 JMP DWORD PTR DS:[54A1BC] ; LgWndHk.10002690
00500E30 $-FF25 C0A15400 JMP DWORD PTR DS:[54A1C0] ; LgWndHk.100016D0
00500E36 $-FF25 C4A15400 JMP DWORD PTR DS:[54A1C4] ; LgWndHk.10002020
00500E3C $-FF25 C8A15400 JMP DWORD PTR DS:[54A1C8] ; LgWndHk.10001730
00500E42 $-FF25 CCA15400 JMP DWORD PTR DS:[54A1CC] ; LgWndHk.10001600
00500E48 $-FF25 D0A15400 JMP DWORD PTR DS:[54A1D0] ; LgWndHk.10001130
00500E4E $-FF25 D4A15400 JMP DWORD PTR DS:[54A1D4] ; LgWndHk.100018F0
00500E54 $-FF25 D8A15400 JMP DWORD PTR DS:[54A1D8] ; LgWndHk.10003DA0
00500E5A $-FF25 DCA15400 JMP DWORD PTR DS:[54A1DC] ; LgWndHk.10001C20
00500E60 $-FF25 E0A15400 JMP DWORD PTR DS:[54A1E0] ; LgWndHk.10002380
00500E66 $-FF25 E4A15400 JMP DWORD PTR DS:[54A1E4] ; LgWndHk.10001FE0
00500E6C $-FF25 E8A15400 JMP DWORD PTR DS:[54A1E8] ; LgWndHk.10002760
00500E72 $-FF25 ECA15400 JMP DWORD PTR DS:[54A1EC] ; LgWndHk.10001900
00500E78 $-FF25 F0A15400 JMP DWORD PTR DS:[54A1F0] ; LgWndHk.10002CE0
00500E7E $-FF25 F4A15400 JMP DWORD PTR DS:[54A1F4] ; LgWndHk.10003DB0
00500E84 .-FF25 50A25400 JMP DWORD PTR DS:[54A250]
00500E8A $-FF25 54A25400 JMP DWORD PTR DS:[54A254]
00500E90 .-FF25 58A25400 JMP DWORD PTR DS:[54A258]
00500E96 $-FF25 5CA25400 JMP DWORD PTR DS:[54A25C]
00500E9C $-FF25 60A25400 JMP DWORD PTR DS:[54A260]
00500EA2 $-FF25 64A25400 JMP DWORD PTR DS:[54A264]
00500EA8 $-FF25 68A25400 JMP DWORD PTR DS:[54A268]
00500EAE $-FF25 6CA25400 JMP DWORD PTR DS:[54A26C]
00500EB4 $-FF25 70A25400 JMP DWORD PTR DS:[54A270]
00500EBA $-FF25 74A25400 JMP DWORD PTR DS:[54A274]
00500EC0 $-FF25 78A25400 JMP DWORD PTR DS:[54A278]
00500EC6 $-FF25 7CA25400 JMP DWORD PTR DS:[54A27C]
00500ECC $-FF25 80A25400 JMP DWORD PTR DS:[54A280]
00500ED2 $-FF25 84A25400 JMP DWORD PTR DS:[54A284]
00500ED8 $-FF25 88A25400 JMP DWORD PTR DS:[54A288]
00500EDE $-FF25 8CA25400 JMP DWORD PTR DS:[54A28C]
00500EE4 .-FF25 90A25400 JMP DWORD PTR DS:[54A290]
00500EEA $-FF25 94A25400 JMP DWORD PTR DS:[54A294]
00500EF0 $-FF25 98A25400 JMP DWORD PTR DS:[54A298]
00500EF6 $-FF25 9CA25400 JMP DWORD PTR DS:[54A29C]
00500EFC $-FF25 BCA25400 JMP DWORD PTR DS:[54A2BC]
00500F02 $-FF25 C0A25400 JMP DWORD PTR DS:[54A2C0]
00500F08 $-FF25 C4A25400 JMP DWORD PTR DS:[54A2C4]
00500F0E $-FF25 C8A25400 JMP DWORD PTR DS:[54A2C8]
00500F14 $-FF25 CCA25400 JMP DWORD PTR DS:[54A2CC]

All else looks good and the program doesn't even have any stolen bytes.
If anyone else has a clue what this could be about, please enlighten me.

Edit: I have found that the problem occurs because my exe doesn't load elbycdio, elbyecc and ccddrive into memory at load. How can I fix this?

Regards
SvensK

SvensK 04-16-2004 08:30

Ok, problem solved. ImpREC was just not searching for the IAT at the right place. Entered the IAT start and size manually and then fixed it. Exe runs fine now. :)

MaRKuS-DJM 04-16-2004 17:52

I got the same problem as you at first... ImpRec finds the wrong place for the IAT and then my dump always crashed. Then I had another problem: the size was too small for the IAT. My dump crashed when I clicked on a button in the main dialog *lol*

SvensK 04-16-2004 20:22

Hehe, kinda messy. Never seen this before in aspr targets. Nice to run into something new :)

Edit: Glad I learned it though, ran into the same problem when rebuilding IAT for WhereIsIt v3.57. I have a working dumped and fixed exe now. Phew, that took some time :)


All times are GMT +8. The time now is 05:01.
