Quote:
Originally Posted by Deathway
Don't worry, that problem about the ImageBase and some relocation offset will be fixed in 2 weeks, unfortunately I'm on exams
Thanks for your report
|
Is there any news?
Anyone who wants to fix the bytes overwritten by NOP at the end of the UnVMed routine (in case of DLLs with altered ImageBase) should patch the following address:
Code:
10070412 |. 83C0 10 ADD EAX,10 -> 0D
It's because of disassembling the EB 10 to a long JMP. Also, the JNZ about that code can be patched to JMP to skip NOP filling. Because of the JMP at the end of the UnVMed code, nopping of junk bytes is optional.
Deathway, please add an additional check in case of Long JMP to add only 0x0D NOPs (Maybe your plugin cannot find the actual ImageBase properly).
Regards.