SHDN 4.12 Neolite compresion ! [Archive] - RCE Messageboard's Regroupment

View Full Version : SHDN 4.12 Neolite compresion !

DigitalBlade

January 8th, 2001, 10:19

Hi!

I've a strange problem with Shut Down Now 4.12 packed with neolite, after decompressing it i can't use the exe coz is withouy IAT !!
i unpack the exe simply with a bpx getprocaddres then after some f8 i find a jmp eax that seems the correct jump to exe entrypoint. What is my error ??

P.s. sorry for my really poor english

Bye

SpeKKel!

January 8th, 2001, 18:23

I did it this way:

-Unpack manually or with procdump.
-trace till 507ea8 and go in this call.
-Trace till 470564 ( jz 4705b3 ) and change the jz to a jump . ( some call's made here to kernel seterrormode)

After this it runs and you can disassemble.

Greetz.......SpeKKeL!..........