@TechLord:
Did you do the "Junk Marking" to see the decrypted code and disable emulation, or is there an easy way?
I get to see where the Security.Dll (I think it's the security DLL, because if I disable the writes JE/alloc it will say can't allocate Dll error) is loaded, what loads it and stuff. Also I got to see where the decrypted code gets written for the first time. But I couldn't find the second Junk marker. Still trying... and it's frustrating..
Also I've tried using UIF, and my manual splicing fix still works, then attached the memory regions missing (like the one I believe is the Security Dll and the one with size 0E6000H) but the dump crashes. I think I am missing the API redirection/emulation Fix. I wish I could put all of this in a video.
Quote:
I wish I had 10 Rept., still can't get GIV script v0.2. Please share that attachment link if someone has it already.
[Update]
Got past the second Junk Marker; it's actually a Call that decrypts the code pages.
I believe I am at the Import Redirection itself, need help now.
Code:
So here is a video, check it out..
I am getting almost 740 APIs but still can't get the dump working.
Video
Oh I missed it, the error I get is "Out of Memory"
Come on guys, it's about time someone helped me...
Regards,
Ben