@rix,
the OEP of your progy was 00406744.
I used the same method in the tut with the OllyDump plugin,
and let the plugin rebuild the imports.
Runs fine.
Regards
R@dier
0052A001 > 60 PUSHAD <-------start point execute F7
0052A002 E8 72050000 CALL target.0052A579 <----set breakpoint on addy in ESP register
F9 run the progy
0052A4F4 75 08 JNZ SHORT target.0052A4FE <--- you will land here
0052A4F6 B8 01000000 MOV EAX,1
0052A4FB C2 0C00 RETN 0C
0052A4FE 68 44674000 PUSH target.00406744 <--- OEP addy
0052A503 C3 RETN
F7 till you execute the RETN
you will land here
00406744 68 CC874000 PUSH target.004087CC <----------start dump here
00406749 E8 F0FFFFFF CALL target.0040673E
0040674E 0000 ADD BYTE PTR DS:[EAX],AL
00406750 0000 ADD BYTE PTR DS:[EAX],AL
done
Last edited by R@dier; 10-15-2003 at 19:07.
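
The tail jump in the listing above (PUSH 00406744 / RETN) can also be located statically, which helps when triaging a packed sample without stepping it. This is an added example, not part of the original post: the stub bytes are copied from the listing, while the function name and the code-range bounds are assumptions, since the post does not give the section layout.

```python
import struct

# Bytes copied from the listing in the post, starting at 0052A4F4.
STUB_BASE = 0x0052A4F4
STUB_BYTES = bytes.fromhex(
    "7508"        # JNZ SHORT 0052A4FE
    "B801000000"  # MOV EAX,1
    "C20C00"      # RETN 0C
    "6844674000"  # PUSH 00406744
    "C3"          # RETN
)

# Assumed bounds of the unpacked code (hypothetical: not stated in the post).
CODE_LO, CODE_HI = 0x00401000, 0x0052A000


def find_push_ret_jumps(buf, base, lo, hi):
    """Return (address, target) for every PUSH imm32 / RETN pair in buf
    whose target lies in [lo, hi), i.e. outside the stub being scanned."""
    hits = []
    for off in range(len(buf) - 5):
        # 0x68 = PUSH imm32, 0xC3 = RETN directly after the 4-byte operand
        if buf[off] != 0x68 or buf[off + 5] != 0xC3:
            continue
        (target,) = struct.unpack_from("<I", buf, off + 1)  # little-endian
        if lo <= target < hi:
            hits.append((base + off, target))
    return hits


if __name__ == "__main__":
    for addr, target in find_push_ret_jumps(STUB_BYTES, STUB_BASE, CODE_LO, CODE_HI):
        print(f"tail jump at {addr:08X} -> OEP candidate {target:08X}")
```

The range filter discards byte sequences that merely look like PUSH/RETN but point outside the unpacked code, which is the usual source of false hits when scanning raw stub bytes.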