Tsehp

just a quick support message. I just rebuilt T&R2 from softpointer - greetz to them as well

latest RV performed 99.9%. Got every API fixed with trace/emulate feature with *no* crash on Win2K SP2.

only one teeeny prob:-

0 001A81A4 77E8693D 010D KERNEL32.dll GetCurrentThreadId

RV missed the start of the call by a few bytes. Just manually entered the start of API and found 100%

Thanks mate. Took me only 15mins while my new colleague was out of my office for lunch . Congratulations.

Spl/\j

*G* Splaj you never supprise :-)))
as i always say...Congratz ....
/me hope he could be his new colleague hehe :-))

Cya and good day.
Bengi

hi
could you please give me some hint for dumping tag & rename.
i have problems finding the oep.
using softice 4.05, winice, iceload
tag & rename 2.0 build 2
i put a bpx createfilea and after that i f12 five times(the next f12 would run the prog and tracing with f8 finally leads into some kernel api i can't handle). then i used /tracex 400000 600000 and i get a hit at 5982b8 that looks like the OEP.

push ebp
mov ebp, esp
add esp,-00c
push ebx
push esi
push edi
mov eax, 597cb8
call 407298<-this call finally leads to getmodulehandlea

i use /pedump 400000 1982b8 dump.exe
i found out that there are 2 section the program needs
i dump them to disk
/dump e11000 17000 dump1.bin
/dump e30000 c000 dump2.bin
then i use PEDITOR to add the sections to my dumped exe and adjust the image size to e3c000 and the virtual offset.
the program runs and hangs. nothing happens. i think its not the real OEP. can you halp me?
thanx a lot
asterikz

asterikz t&r is a delphi app, dede will find for you.

Hehe +SplAj, you're a lucky one. I wish that RV would behave with me like it does with you.

Holy shit i thought someone hacked my account

....That original T&R2' post is almost a year old and I had a nice beta from Mr Smart that fixed the aspr GetWhatWeWant API's ......
just for me haaaah

So I just d/l 'NEW' T&R2.1 (what is with this guy...read the history file and he needs to go back to skool) and tried that ASPR plugin ...it failed. So now I have to write my own. So reverted to the manual way and fixed it in 30mins. Everyone should take care with that plugin, it gives false API or none resolved (which is better)... and you get runtime errors and spend days debugging.


While travelling I also fuxed that Adobe GoLive Vbox trial with Imprec tracer... that worked nicely... funniest was the passenger on the jet asked me what the 'black screen' was that kept appearing on my notebook hehehehehe.


Well u go away on vacation .........and the mods re-arrange the store just like Walmart ...I need to lurk around and find my way again...... 'Packing + Unpacking Forum ' wtf duh .????...

it's gooood to be [arrogantly] back

Spl/\j

Hope you've had a good vacation and there aren't damaged to much of your braincells ...

Yep untagged and renamed this prog without to much prob's.
Seems imprec1.4 sometimes refuses to load a plugin ?? tried with
imprec 1.3 and here all goes smooth?!
About that latest plugin>it's never released cause of that kernell
patching stuff

seems the one before does it's job ok(asprbeta2)
But who cares, manually resolving gives more satisfaction i think ?!

h'mm mis some old posts since the forum is rebuilded, wonder what they used imprec or r.v..

Ciao,

Spekkel

Hiya +SplAj:

Welcome back.... we missed u.

Signed,
-- FoxThree