Log in

View Full Version : Revirgin minor update -> Auto locate IAT start + length added !


tsehp
July 16th, 2001, 14:12
you can try it at usual location tsehp.cjb.net, the version 1.11 is here to download.
Please report me directly any bugs, thanks.

+Tsehp

Maggot
July 16th, 2001, 17:13
The only thing i want to say is Thank you

tsehp
July 16th, 2001, 17:36
Quote:
Maggot (07-16-2001 15:13):
The only thing i want to say is Thank you


yes but I was first very against this feature...just because it doesn't help newbies that absolutely need to know how to locate iat's by themselves so I hope this new feature will be used with wisdom. It's search domain is restrained by two dwords meaning we are at the start/end of iat domain, but iat start will always point to a valid one, so it's still more easy to locate the real iat domain. I already encountered some iat separated by about 100 zero filled dwords so be careful with this new feature.

I'm always open to new features, everyone is free to ask here.

regards,

tsehp

Maggot
July 16th, 2001, 19:48
I think it´s going to help newbies in some way. Cause when
they cant find the iat by themselves, they will hopefully find
it with your Revirgin. And if they are curious like most of us,
they will scream "How the hell did Revirgin find the iat".
Thats when (i hope)they will try harder to understand.


"Can i reverse Alexey Solodovnikov when he dies?"

hz
July 16th, 2001, 20:43
hiya.
"Can i reverse Alexey Solodovnikov when he dies?". How would you know he was really dead and it wasn't just his latest trick?.
Be a sad day for us if anythin happened to AS, he provides 50% of the fun on this forum. He has a good sense of humour top. Cheers AS.
regards

nc
July 16th, 2001, 23:00
tutor on aspr nearly done

expect it very soon, (i am making some small modifications after some ppl helpfully proof read it, thanks LaptoniC).

btw tsehp, sorry bout the beef in the other thread.

NchantA

CoDe_InSiDe
July 17th, 2001, 00:32
Hi +Tsehp,

I've downloaded Revirgin, but i've got some weird messages
I haven't tried the program itself (I don't use Revirgin so much ) but i get the messages at startup.

First of all i need to copy/overwrite the 2 .dll's with the ones from the .zip and they need to be copied/overwrite in the %systemroot% (My case C:\Windows\) right?
Ok, well i did that and i first started Revirgin from within the .zip file and i get this Message:

"Argument incorrect pour l'encodage de date" ??

Something with the programs date i think dunno
Ok, then i copied Revirgin.exe on my desktop and runned it, i get this message:

"Violation d'accés à l'adresse 004075D0 dans le module "REVIRGIN.EXE". Lecture de l'adresse BFF60000."

Hmm, reads from a bad Memory address i think
But when i click "Ok" the program just starts
And sometimes i get some message that i need to update "thread.dll" and/or "Tracer.dll" (also at startup) ??

Heh, that's weird while i'm writing this post i discovered that i can't run Revirgin.exe from "C:\" and/or from "D:\" ?? ;D

Well that's it for now

Cya...

CoDe_InSiDe

tsehp
July 17th, 2001, 06:27
Quote:
hz (07-16-2001 18:43):
hiya.
"Can i reverse Alexey Solodovnikov when he dies?". How would you know he was really dead and it wasn't just his latest trick?.
Be a sad day for us if anythin happened to AS, he provides 50% of the fun on this forum. He has a good sense of humour top. Cheers AS.
regards

entirely agree with you ;-)
how can black exist if white is not present ?
asprotect still remains my favorite target, most creative, copied by a lot of other schemes and no stupid ads like : the ultimate protection scheme in the world

tsehp
July 17th, 2001, 06:29
Quote:
CoDe_InSiDe (07-16-2001 22:32):
Hi +Tsehp,

I've downloaded Revirgin, but i've got some weird messages
I haven't tried the program itself (I don't use Revirgin so much ) but i get the messages at startup.

First of all i need to copy/overwrite the 2 .dll's with the ones from the .zip and they need to be copied/overwrite in the %systemroot% (My case C:\Windows\) right?
Ok, well i did that and i first started Revirgin from within the .zip file and i get this Message:

"Argument incorrect pour l'encodage de date" ??

Something with the programs date i think dunno
Ok, then i copied Revirgin.exe on my desktop and runned it, i get this message:

"Violation d'accés à l'adresse 004075D0 dans le module "REVIRGIN.EXE". Lecture de l'adresse BFF60000."

Hmm, reads from a bad Memory address i think
But when i click "Ok" the program just starts
And sometimes i get some message that i need to update "thread.dll" and/or "Tracer.dll" (also at startup) ??

Heh, that's weird while i'm writing this post i discovered that i can't run Revirgin.exe from "C:\" and/or from "D:\" ?? ;D

Well that's it for now

Cya...

CoDe_InSiDe


Ok I'll fix this for you, can you send me the exact version of windows you're using ?
I'll check right away on win_me this evening.

CoDe_InSiDe
July 17th, 2001, 06:46
Hi +Tsehp,

I'm using:

Win98SE 4.10.2222 A

Cya...

CoDe_InSiDe

goatass
July 17th, 2001, 09:48
Tsehp, make the error messages in English will ya )

just busting your balls pal

cheers
goatass

CoDe_InSiDe
July 17th, 2001, 10:22
Hi goatass,

Yes, that would be a good thing too

Cya...

CoDe_InSiDe

McNy@Work
July 17th, 2001, 13:41
Quote:
CoDe_InSiDe (07-17-2001 04:46):
Hi +Tsehp,

I'm using:

Win98SE 4.10.2222 A
...
CoDe_InSiDe


Same windows version and same message, but the address is different.

message:

"Violation d'accés ?l'adresse 004075D0 dans le module "REVIRGIN.EXE". Lecture de l'adresse BFF61000."

tsehp
July 18th, 2001, 01:39
hiya,
it's the rv kernel patcher that causes the problem, this will soon disappear in version 1.2 when I'll port the tracer to win nt.
I'm re installing win98 today and will fix this.

About the french error messages, those comes from borland c++ builder 5 french version, so three solutions :

1-send me a english borland c++ 5 trial cd rom
2-translate the french error messages into english into those libraries
3- learn french ;-)

maybe if someone can create an iso image I can download it...SLAP no crack/warez requests...grrr

regards;

+tsehp


tsehp

seir
July 18th, 2001, 10:44
Quote:
+Tsehp (07-18-2001 01:34):
About the french error messages, those comes from borland c++ builder 5 french version, so three solutions :

1-send me a english borland c++ 5 trial cd rom

tsehp


Borland C++ Compiler version 5.5 is available for free:
http://www.borland.com/bcppbuilder/freecompiler/

- seir

tsehp
July 18th, 2001, 15:19
Quote:
seir (07-18-2001 08:44):
Quote:
+Tsehp (07-18-2001 01:34):
About the french error messages, those comes from borland c++ builder 5 french version, so three solutions :

1-send me a english borland c++ 5 trial cd rom

tsehp


Borland C++ Compiler version 5.5 is available for free:
http://www.borland.com/bcppbuilder/freecompiler/

- seir


thanks but it's the whole i.d.e. that I need ;-)

tsehp
July 18th, 2001, 15:21
tested on win98 and win 2000 and fully working.
sorry for the problems occured by build 15.

CoDe_InSiDe
July 19th, 2001, 00:18
Hi +Tsehp,

Hey no problem, Bugs are everywhere ;D

Cya...

CoDe_InSiDe

tsehp
July 19th, 2001, 07:08
also added today (who pays me for this ;-)
a combo box to show unresolved entries.

stillnewbie
July 19th, 2001, 11:16
Quote:
+Tsehp (07-19-2001 05:08):
also added today (who pays me for this ;-)
a combo box to show unresolved entries.


Alexy pays
Btw I have test its great even in win95
ThankYou Tsehp

Heya CoDe_InSiDe,

>Bugs are everywhere ;D
yeah CoDe_InSiDe }>

stillnewbie
July 19th, 2001, 12:17
stillnewbie (07-19-2001 09:16):

Hiya CoDe_InSiDe,
>Bugs are everywhere ;D
>yeah CoDe_InSiDe }>

erhem Just joking
Btw thanks for the file.You have added sumthing hahaha its funny :-D
>Bugs are everywhere ;D
>yeah CoDe_InSiDe }>[/QUOTE]

CoDe_InSiDe
July 20th, 2001, 00:05
Haha stillnewbie ;D

Cya...

CoDe_InSiDe

tsehp
July 20th, 2001, 07:12
the next step is to change the tracer to make a generic one, it's working under win9x and manages to trace an app from start to beginning, allowing you to locate oep and later dump it.
I'm porting it to win2k so I needed to develop a kernel mode driver to make the same things than win9x, it's soon finished, maybe before august.
regards,

tsehp