now for the end of your stolen,please read all my three tut, regarding this. you should pay attention to the address pushed to the stack ,which either be a return address or address that you are at, from which you can determine the last of your stolen.(please look lownoise post, it has the correct stolen bytes).
note:
what you see in the trace is the excution of your stolen bytes, and sometimes part of the code after the stolen , inside the asprotect, so don't copy all you see in the trace as stolen. learn from my three tut how you determine that.
Last edited by britedream; 03-24-2004 at 11:38.
|