|
|
|
|
#1
06-27-2004, 04:00
|
|||
|
|||
|
Hmmm...
Doesn't seem to work for me. When I follow your method, Sice breaks in the area 0x8xxxxxxx. Then it reboots my machine. (I'm on XP, Driverstudio 3.1 and IceExt 0.64).
Any good ideas? regards, 
|
|
#2
06-27-2004, 09:58
|
|||
|
|||
|
then something most be wrong with your SICE or not well hidden .. then SICE detection reboots your machine somehow ... at OEP there's NOP data 9090909090 ... the loader will write CC at 00401380
when you do bpint3 SICE should break and then you'll be able to write back 90 then you'll be able to dump .. maybe you're trying with the DEMO version?? i wrote this was for full version .. i haven't try with the DEMO.. OEP location most be difference for it.  anway you can try any other method to be able to reach OEP and dump.. now you know where is OEP 
Last edited by Crk; 06-27-2004 at 10:06.
|
|
#3
06-27-2004, 23:33
|
|||
|
|||
|
I have an old script for svkp try to use it , and don't pay attention to the msg. displayed, it isn't meant for vb targets. try it.here it is.
|
|
#4
06-28-2004, 00:44
|
|||
|
|||
|
@Crk, are you saying that you have dumped a working executable of the program? if so I like to have it.
|
|
#5
06-28-2004, 03:13
|
|||
|
|||
|
So do I...
So do I.
 I can't get a dump as described, and britedreams script didn't work either. The reason I wanted to dump it was to take a closer look at the protection that lies in the program code itself. As far as I understand the program is protected by a strong protection (hash code)to prevent any changes in the code. That's interesting. So if you have a dump, I would love to get my hands on a copy. regards, hobgoblin
|
|
#6
06-28-2004, 04:09
|
|||
|
|||
|
Quote:
|
|
#7
06-28-2004, 04:22
|
|||
|
|||
|
Well,
Is that all?
Just kidding. Your answer give me the info I need. I just don't want to spend my time on a bastard like this one. I'm going back to studying the new Asprotect instead..... regards, hobgoblin
|
 |
| Thread Tools | |
| Display Modes | |
|
|
Hybrid Mode
