View Full Version : Safedisc 2 : how can i get a valid dump? (r!sc??)


MackT
March 30th, 2001, 07:57
'llo,
I tried to dump Hitman, which is protected by SafeDisc 2, but I get a corrupted exe (wrong data) because I traced to the OEP (I think it's 40154C) with icedump, and when sice pops up, the code is fully corrupted.

Thanks for your help...
MT.

risc
March 30th, 2001, 13:48
0040154C public start
0040154C start proc near
..

why not 'bpm 40154c x' ?

or trace 100h bytes from Hitman's entry point to this code (entry point at 40d1fd)

0040D27B loc_40D27B: ; CODE XREF: start+76j
0040D27B ; DATA XREF: start+4o ...
0040D27B jmp loc_40154C

and make sure you are using the original CD :-)

also, Hitman uses the SafeDisc 'API'.. this means that after you have traced the process to the entry point, a little bit of it is still encrypted.. in my hitman.exe, it's the proc @ RVA 401040

simply bpm 401040 x and let the exe run: on the first break it should be a jmp to the decrypt proc, on the second break it should be the decrypted code ..

hey what a fucker. check the proc at 401040

00401040 _WinMain@16 proc near ; CODE XREF: start+DBp
00401040
00401040 var_20C = byte ptr -20Ch
00401040 var_108 = byte ptr -108h
00401040 var_107 = byte ptr -107h
00401040 arg_0 = dword ptr 4
00401040 arg_8 = dword ptr 0Ch
00401040
00401040 sub esp, 20Ch
00401046 push ebx
00401047 push esi
00401048 push offset aHitboy ; "Hitboy"
0040104D push 0
0040104F push 0
00401051 call ds:CreateMutexA
00401057 call ds:GetLastError

also, system.dll is protected using the same technique (except it has two encrypted procs)
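One way to check whether a dump taken at such a break actually contains decrypted code, as an added Python example written for this page (not code from the thread): it classifies a window of bytes read at the proc's address into the three states risc describes (jmp stub, decrypted code, still-encrypted bytes). The prologue bytes are reconstructed from the listing above; the string offset, the IAT slots, the jmp target and the ciphertext filler are constructed placeholders.

```python
import math
from collections import Counter

# Constructed samples (not bytes taken from the game). The first encodes the
# _WinMain@16 prologue quoted in the thread; addresses are placeholders.
DECRYPTED_PROC = bytes([
    0x81, 0xEC, 0x0C, 0x02, 0x00, 0x00,  # sub esp, 20Ch
    0x53, 0x56,                          # push ebx / push esi
    0x68, 0x00, 0x00, 0x41, 0x00,        # push offset aHitboy (placeholder address)
    0x6A, 0x00, 0x6A, 0x00,              # push 0 / push 0
    0xFF, 0x15, 0x00, 0x10, 0x41, 0x00,  # call ds:CreateMutexA (placeholder IAT slot)
    0xFF, 0x15, 0x04, 0x10, 0x41, 0x00,  # call ds:GetLastError (placeholder IAT slot)
])
# What the proc looks like at the first break: a jmp rel32 into the decryptor
# (placeholder displacement, zero padding).
JMP_STUB = bytes([0xE9, 0x10, 0x00, 0x00, 0x00]) + bytes(24)
# Random-looking filler standing in for ciphertext (constructed, all bytes distinct).
ENCRYPTED_PROC = bytes.fromhex(
    "9f3ce207b85d41f62a8e13d96bc470ad05e79a38fc521db164ce2783f0")

# Common x86 function entry sequences: push ebp, sub esp,imm, push reg.
PROLOGUE_PATTERNS = (b"\x55\x8b\xec", b"\x81\xec", b"\x83\xec", b"\x53", b"\x56", b"\x57")

def shannon_entropy(data: bytes) -> float:
    """Byte entropy normalised to the maximum possible for a window of this size."""
    if len(data) < 2:
        return 0.0
    counts = Counter(data)
    ent = -sum(c / len(data) * math.log2(c / len(data)) for c in counts.values())
    return ent / math.log2(min(len(data), 256))

def classify_proc(data: bytes) -> str:
    """Which of the three states the proc window is in when the breakpoint hits."""
    if data[:1] in (b"\xe9", b"\xeb"):
        return "jmp-stub"          # first break: still a jump into the decryptor
    ent = shannon_entropy(data)
    if data.startswith(PROLOGUE_PATTERNS) and ent < 0.85:
        return "decrypted"         # second break: real code, dump now
    if ent > 0.85:
        return "still-encrypted"   # dumped too early; bytes are ciphertext
    return "unknown"

if __name__ == "__main__":
    for name, blob in (("decrypted", DECRYPTED_PROC), ("stub", JMP_STUB),
                       ("encrypted", ENCRYPTED_PROC)):
        print(f"{name:10s} entropy={shannon_entropy(blob):.2f} -> {classify_proc(blob)}")
```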