w_a_r_1
June 18th, 2009, 03:02
I need a very small over vb target. Its full unpacked target which was packed with themida. On opening it performs a server check. First authorization nag come and then if the serial not available in authors database ...next nag comes...which perfomrs a countdown of 10 to 1 and get close..I tried to find out the verification routine and i got that routine. But there are few jmps which i am not getting where i have to patch..so need just a small help over it. Its almost done. But unable to make the right patch.
Verfication routine starts at VA
004831E0 > \55 PUSH EBP
004831E1 . 8BEC MOV EBP,ESP
004831E3 . 83EC 0C SUB ESP,0C
004831E6 . 68 F63E4000 PUSH <JMP.&msvbvm60.__vbaExceptHandler> ; SE handler installation
then nag come up by
00484272 . FF92 B0020000 CALL DWORD PTR DS:[EDX+2B0]
I tried to find the jmp which should bypass this nag so that main program should come up...but there are couple of jmps..so unable to make right patch.....Can anyone give me some idea where i have to make right patch.
Target:
http://www.2shared.com/file/5511429/e022bd1c/FIA.html
Cheers,
WAR1
Verfication routine starts at VA
004831E0 > \55 PUSH EBP
004831E1 . 8BEC MOV EBP,ESP
004831E3 . 83EC 0C SUB ESP,0C
004831E6 . 68 F63E4000 PUSH <JMP.&msvbvm60.__vbaExceptHandler> ; SE handler installation
then nag come up by
00484272 . FF92 B0020000 CALL DWORD PTR DS:[EDX+2B0]
I tried to find the jmp which should bypass this nag so that main program should come up...but there are couple of jmps..so unable to make right patch.....Can anyone give me some idea where i have to make right patch.
Target:
http://www.2shared.com/file/5511429/e022bd1c/FIA.html
Cheers,
WAR1
