Thread: Problem with old AsProt
View Single Post
  #2  
Old 06-07-2005, 15:17
arnix arnix is offline
Friend
  
Join Date: Feb 2005
Posts: 68
Rept. Given: 11
Rept. Rcvd 18 Times in 7 Posts
Thanks Given: 2
Thanks Rcvd at 6 Times in 4 Posts
arnix Reputation: 18
if the statement which you brought here is the correct one, then I think here are your stolen bytes:

55 PUSH EBP
8BEC MOV EBP,ESP
83C4 F4 ADD ESP,-0C
B8??????? MOV EAX, ????????


The value of ???????? you can get when you are on the fake OEP (005FD99F), just look at your EAX register.
Reply With Quote