|
|
#2
12-12-2005, 16:47
|
|||
|
|||
|
target version 3.2 sr6
MD5= 063220da662761f8ab27c92d57f68a49 ; HFFR.exe last exception: 03A12CF2 31C0 XOR EAX,EAX 03A12CF4 64:FF30 PUSH DWORD PTR FS:[EAX] 03A12CF7 64:8920 MOV DWORD PTR FS:[EAX],ESP 03A12CFA 3100 XOR DWORD PTR DS:[EAX],EAX Dunno what you have been doing , but i put memory bp on 2nd section , passed last exception to program i landed here: oep: 00432236 55 PUSH EBP 00432237 8BEC MOV EBP,ESP 00432239 6A FF PUSH -1 0043223B 68 F04A4000 PUSH HFFR.00404AF0 00432240 68 FA214300 PUSH HFFR.004321FA ; JMP to msvcrt._except_handler3 00432245 64:A1 00000000 MOV EAX,DWORD PTR FS:[0] 0043224B 50 PUSH EAX 0043224C 64:8925 0000000>MOV DWORD PTR FS:[0],ESP 00432253 83EC 68 SUB ESP,68 00432256 53 PUSH EBX 00432257 56 PUSH ESI 00432258 57 PUSH EDI 00432259 8965 E8 MOV DWORD PTR SS:[EBP-18],ESP 0043225C 33DB XOR EBX,EBX 0043225E 895D FC MOV DWORD PTR SS:[EBP-4],EBX 00432261 6A 02 PUSH 2 00432263 FF15 E8174000 CALL DWORD PTR DS:[4017E8] ; msvcrt.__set_app_type MS VC target... anti-dump 004222EA FFD0 CALL EAX //nop it otherwise you will get funny MsgBox: "Shame On You" "Protection not found !" Last edited by hosiminh; 12-12-2005 at 17:10. 
|
| Thread Tools | |
| Display Modes | |
|
|
Threaded Mode