Exetools  

Go Back   Exetools > General > General Discussion
Reload this Page Dillo protected DLL
Register Forum Rules FAQ Calendar

Notices

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #16  
Old 08-28-2005, 03:54
5Alive 5Alive is offline
Friend
  
Join Date: Aug 2003
Posts: 82
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 1
Thanks Rcvd at 1 Time in 1 Post
5Alive Reputation: 0
Quote:
Originally Posted by Archer
I'm almost sure that OEP can't be 1 byte away from EP of the protected DLL (if it is so, something is wrong, maybe script or you misunderstand something).
You are right, and at this point I don't have enough experience to know what is wrong - perhaps both!

Quote:
Originally Posted by Archer
And how can PE Explorer show OEP of the protected DLL? AFAIK it can show EP, but not OEP.
Yest it's shows the EP only, I was just using this to illustrate that EP and OEP differ by one byte.

Quote:
Originally Posted by Archer
And if you enter EP in ImpRec maybe it's trying to restore Arma's import table, but you need real dll's table. Try to look for it with hands and manually enter table's address (do it on OEP).
I'll see if I can find the start and size of the table manually, I still need to confirm I've got the right OEP address first.

5aLIVE.
Reply With Quote
 

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Why can't I re-Dillo it? Flagmax General Discussion 8 07-31-2004 03:30


All times are GMT +8. The time now is 02:10.

Aaron's homepage - Top

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( Since 1998 )