Hi, I've just unpacked powerstrip, protected with asprotect.... trying to run it , I receive an exception error, due to an instruction

mov al,[ebx]

I discovered that happens because outiside the call containing the instruction above, there's a call to GetVersion.
In original file it calls the GetModuleHandleA,pushes results in a location of memory and then pop this value in eax and them move in eax a value stored in memory....... I don't past code since don't want to go against board's rules..... btw I discovered that the zone of memory from wich data are fetched are initilized by GetVolumeInformationA, that's not run anymore after chaining the ip... my question is how to get the real call done since I've no the info of getvolume? is there any irc channel where I can discuss with you? thanks.......regards .....

-loman

write unresolved adress for fake GetVersion

U can also paste little disassembly here

seg000:0040287A call GetVersion <-Fake
seg000:0040287F lea edx, [ebp+var_4]
seg000:00402882 call sub_0_4027F8
seg000:00402887 mov ebx, eax
seg000:00402889 xor esi, esi


at 004027f8 we've

seg000:004027F8 push ebx
seg000:004027F9 push esi
seg000:004027FA add esp, 0FFFFFF00h
seg000:00402800 mov ebx, eax
seg000:00402802 jmp short FUNCTION

eax in dumped is C0000A04 while in original one is something as 8173A1A8,


seg000:00402804 inc ebx
seg000:00402805 mov al, [ebx] <-exception
seg000:00402807 test al, al
seg000:00402809 jz short primo_salto
seg000:0040280B cmp al, 20h
seg000:0040280D jbe short loc_0_402804

Congratz!

So it is:

GetCommandLineA


You are ~100 newb asked about incorrect
GetVersion (plugin use

how do you say it's getcommandlinea?? from what do you understand it??

are you reachable on irc?

Hi ,
Just search in the forum ...

Look at the next lines (after getversion) .

thanks

I've fixed it...now it works only under win998, on XP I receive a Exception Error..... I'll install debugger under it...