Exetools  

Go Back   Exetools > General > General Discussion
Reload this Page What's up with this Neolite packed DLL ???
Register Forum Rules FAQ Calendar

Notices

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #1  
Old 10-04-2005, 19:51
wildmans
 
Posts: n/a
What's up with this Neolite packed DLL ???
Hey guys !

I've attached an dll. Let me first tell you im not making un unpack request in particual so I think I posted in the right category

As you can see, the DLL is packed with Neolite 2. The first bytes at the EP is an E9 A6 00 00 so a short jump to the start of the neolite unpack routine.

But I noticed a very strange thing !!! As soon as I load the DLL in olly, those first four bytes are actually CHANGED to E9 24 D9 FA FF which looks like an jump to a routine in the dll itself which almost immideatly terminated the dll.

How can that first jump be changed and by who ??? I know it is not a relocation adress as it is not listed in the reloc table..

Really like to know how this is possible ??? Maybe its something small but I cant seem to figure it out ! :P
Attached Files
File Type: rar dfb58hh.rar (204.7 KB, 9 views)
Last edited by wildmans; 10-04-2005 at 19:54.
Reply With Quote
 

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


All times are GMT +8. The time now is 02:10.

Aaron's homepage - Top

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( Since 1998 )