I resolved some days ago a crackme wich had stolen bytes, and stopped once in the place that you points to write in code a jmp xxxx, the program never reach that address in program code but it stopped in xxxx.
Studying the code i understood it was stolen bytes place, the code is not clean but very hidden and you nedd a while to figure out what is going on.
With this target i tried to do the same but stops many times in that place to write in code, what i did was to put a breackpoint every place the jmp pointed and after last exception see wich one stopped.
It stopped twice which i say could be where stolen bytes start, the problem is if i use run trace until OEP i got about 4000 lines of code and is very hard to follow someting there.
you don't say how many times stops in that place when writing, as i said i use windows 98 and the program stops many times there, maybe in other os is different.
|