Thread: Reprise target
#7, 09-26-2015, 13:01, rcer
This issue really puzzles me!

I compared the keys and locations of the original, patched and build DLLs, see below:


rlm1112.dll_ORG:

(offset from base_01) key1: 30 81 DF 02 41-- (Identical for ORG, Patched & Build)
(offset from base_02) key2: 30 81 DE 02 40-- (Identical for ORG & Patched)
(offset from base_03) key3: 30 81 DF 02 40-- (identified as pubkey by RLM_Helper)

rlm1112.dll_patched:

(offset from base_01) key1: 30 81 DF 02 41-- (Identical for ORG, Patched & Build)
(offset from base_02) key2: 30 81 DE 02 40-- (Identical for ORG & Patched)
(offset from base_03) key3: 30 81 DF 02 40-- (identified as pubkey by RLM_Helper) Injected a new 30 81 DF 02 40-- pubkey in this location

rlm1112.dll_build: (using the new 30 81 DF 02 40-- pubkey)

(offset from base_01) key1: 30 81 DF 02 41-- (Identical for ORG, Patched & Build)
(offset from base_02) key2: 30 81 DF 02 40-- (Identical to pubkey3 from Patched)
(offset from base_03) key3: 30 81 DE 02 40-- (identified as pubkey by RLM_Helper) Identical to pubkey2 from ORG & Patched


It appears that the build process inputs the new pubkey into location 2 instead of location 3 and for this reason the pubkey is identified as 30 81 DE 02 40-- instead of 30 81 DF 02 40-- !!

Can anybody explain why this happens?
rgds

rcer