  #9  
01-23-2005, 19:06
JuneMouse
 
well, oleh is using Message(debugstring);
instead of Message("%s", debugstring);
to sprintf() before his addtolist()
i didn't look into it deeply; i was satisfied when the crackme stopped crashing ollydbg
but
Flagmax, why do you say it looks at so many bytes? there is a parameter, the number of bytes to read, that is passed to Readmemory(); it gets filled up before i call it

Quote:
004AF647 . FF35 26574D00 PUSH DWORD PTR DS:[4D5726] ; poked around and saw olly using it so i am using it
004AF64D . FF35 20574D00 PUSH DWORD PTR DS:[4D5720] ; poked around

the read memory reads only that many bytes, and as far as i noticed it sets the null terminator too, i think after it uses the ReadProcessMemory() api

and i use that same value for repne scasb
Quote:
004AF661 . 8B4C24 08 MOV ECX, DWORD PTR SS:[ESP+8] ; you might
can you tell me if you single-stepped through, and tell me if that length value was initialised or not?
anyway, thanks for making it into a usable patch (i didn't try it because i can't download) but hope you made it good
and thanks to markus for trying it out on xp-sp2 and liking it

the other patches that TQN refers to are in the rce forum, posted by shub-Nigurrath
it is about changing the ollydbg class string and window text so that it can evade the crop of FindWindow() coders
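Added example (not part of the original post and not OllyDbg's own code): the two call forms contrasted in the post, side by side. `log_message()` is a hypothetical stand-in for a printf-style log routine, `count_conversions()` is a hypothetical triage helper, and the sample string is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a debugger's printf-style log routine
   (an assumption for illustration, not OllyDbg's real Message()). */
static char last_line[256];

static int log_message(const char *fmt, ...) {
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(last_line, sizeof last_line, fmt, ap);
    va_end(ap);
    return n;
}

const char *last_logged(void) { return last_line; }

/* Pattern described in the post: text supplied by the debuggee is used as
   the format string, so any conversion in it consumes arguments that were
   never passed (undefined behaviour). Only safe for conversion-free text. */
int log_debug_string_unsafe(const char *debugstring) {
    return log_message(debugstring);
}

/* Corrected pattern: constant format, untrusted text passed only as data. */
int log_debug_string_safe(const char *debugstring) {
    return log_message("%s", debugstring);
}

/* Triage helper: count printf conversions in untrusted text ("%%" is literal). */
int count_conversions(const char *s) {
    int n = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }   /* escaped percent sign */
        if (s[1] != '\0') n++;                /* a conversion starts here */
    }
    return n;
}

int main(void) {
    const char *sample = "100%% done %x %s";  /* constructed sample input */
    log_debug_string_safe(sample);
    printf("logged: %s\nconversions: %d\n", last_logged(), count_conversions(sample));
    return 0;
}
```

With the constant `"%s"` format the sample is logged byte for byte; the helper only reports how many conversions the unsafe form would have tried to interpret.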