Hacking Asprotect 1.31

britedream · #1 06-13-2004, 12:26

sorry, but you didnot understand my point , I didnot call the address directly I used call LoadLibraryA, and patched through ollydbg, I understand where the kernel base is,but my point is that calling LoadLibraryA should be resolved by w2k, and it didn't.(thanks for your clarification).

#2 06-13-2004, 12:38

i see

the thing is, if you patch directly in olly 'call LoadLibraryA' it then codes a direct call to that api. i mean it IS a direct call here is the raw bytes for the two calls:

Quote:

00476FDC: E88069A077 call 077A40161
00476FE6: E84743A077 call 077A3DB32

it uses 'E8' which is a direct call. this is an honest oversight and nothing to argue about, cuz it is what it is... a direct call. this is why i fixed it to an indirect call 'FF15' and the address pointer to the appropriate api.

sorry mate

britedream · #3 06-13-2004, 12:43

I see it now, ollydbg resolves LoadLibrary to its address in xp when I save the patch, when you run it on w2k the address sure will be different.so to go around it you went after LoadLibrary through the import.thanks fruitful discussion

Thread Tools
Show Printable Version Email this Page
Display Modes
Switch to Linear Mode Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Hacking a VB-Prog	mr Xor	General Discussion	4	02-17-2004 18:38