Thread: Program crash
View Single Post
  #15  
Old 02-28-2005, 01:21
MAHMUT
 
Posts: n/a
Here am I
Hello, here am i finally...

Sorry again for waiting.

Like I promised, I will answer to all of your questions. I am sorry
that you have talked so much about "if DEC ECX" could crash my application.
I dissasembled the dumped file again, and it really crashes at this address.
Olly said at this point access violation when reading 5A4550F0-use shift+ F7 ...

I don't know where to start. I must admit, i didn't
understand all of your posts, cause i am still a newby. I will answer to those who
i understand, and to others later, when i read more about stuff they wrote about.
I start whit who first replied, Dyno.

I followed your advice: I oppened 2 Olly's (1 dumped file, another
original with hardlock). After 1 hour of tracing (F7 or F8) and looking every register
at every code place, and ofcourse also the flags, I didn't knew what's my name. I was
very tired, and my pancakes were overbaken.
Your next advice, was to remove the drivers, what i did and nothing happened.

To Gabri3L:
The program crashes after executing mov. I checked EDX value, 5A455100, and it didn't exist
in the memory!!!
Anyway, I had to clear up my mind. After looking the new bourne's supremacy i had more energy.
LaDidi, i followed your instruction and looked if my application had a watchdog (i hope i
understand it right). I don't understand whats multithreaded, bud i saw some PEID plugin, KRYPTO ANALIZER.
I was stoned when i checked my dump!!! Check the attachment!!
I could not upload the attachment, so here are the cryptos.
BASE 64 table (referenced at 2 places)
BLOWFISH (ref. at one place)
CRC32 (2 places)
List of primes (long), (1 time)
PI fraction (NIMBUS/BLOWFISH) (1 time)
SHA1/RIPEMD-160 (init) (1 time)

I got an idea. I changed one bit in the original (not dumped file) and same happened (closing after a splashscreen, the same like my dumped file!!).

The only crypto i heard of is CRC32. I had an idea. I checked another 3 files of this application (they weren't protected with hardlock envelope, no .protect section). But they had also the CRC32 checksum algorithm.
I changed at many places some bytes, and the application still runs perfectly!!. Conclusion: it's not CRC32 who's crashing my dump.

Because i don't know very much about another type of cryptos, i am asking you to help me. I am looking for infos about these cryptos. Do you know which could crash my dump?
It would be great for some cool links.
Regards, MAHMUT
Last edited by MAHMUT; 02-28-2005 at 01:54.
Reply With Quote