Exetools  

Go Back   Exetools > General > General Discussion
Reload this Page help patching apis
Register Forum Rules FAQ Calendar Mark Forums Read

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 01-25-2006, 05:19
deroko's Avatar
deroko deroko is offline
cr4zyserb
  
Join Date: Nov 2005
Posts: 217
Rept. Given: 13
Rept. Rcvd 30 Times in 14 Posts
Thanks Given: 7
Thanks Rcvd at 33 Times in 16 Posts
deroko Reputation: 30
Quote:
Originally Posted by Messer
When to patch: I think it's the best to patch at EP.
better is when primary thread is suspended =) So some protectors like execryptor cann't use OutputDebugStringA from TLS callback =) I'm still wondering why don't protection developers create a shellcode instead of %s%s%s, shellcode that will redirect eip to ExitProcess in olly so it will take a while for someone that didn't patch OutputDebugStringA to figure what is going on =) just rewrite ret address with offset of: push 0, call ExitProcess witihin olly.
__________________
http://accessroot.com
Reply With Quote
  #2  
Old 01-26-2006, 09:44
upb's Avatar
upb upb is offline
Friend
  
Join Date: Apr 2002
Location: Elbonia
Posts: 63
Rept. Given: 5
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 3
Thanks Rcvd at 0 Times in 0 Posts
upb Reputation: 0
maybe its for the same reason they use three %s's when one %n would be enough or smth
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Hybrid Mode Hybrid Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
APIs in Olly jump General Discussion 3 09-25-2013 19:03
EXE files and apis Warren General Discussion 9 09-02-2005 16:59


All times are GMT +8. The time now is 17:57.

Aaron's homepage - Top

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( Since 1998 )