Exetools  

12-14-2005, 21:00
toro
InstallShield trialware

Hi,
I have a program that is protected with InstallShield trialware. PEiD detected it as SafeDisc 3.00.00.

Finding the OEP is easy, but my problem is the IAT.

The technique used in it is, for example:

CALL DWORD PTR DS:[XXXXXXXX]

and at XXXXXXXX:

push SEED1
pushfd
pushad
push esp
push SEED2
call dll.YYYYYYY
add esp,8
push 0
pop eax
popad
popfd
retn

The function YYYYYYY uses SEED1 and SEED2 and the position of the caller function to produce the address of the DLL import.

I can manually correct the IAT by watching some place in the YYYYYYY function, but I need a way to automate it. I tested patching the YYYYYYY function to correct the IAT, and also OllyScript, but with each approach I have some problems.

Does anyone have a way to automate correction of the IAT?

Regards