
View Full Version : Obsidium.exe doubts


sope
August 6th, 2003, 10:27
Greetings Everybody

After reading a nice thread on Obsidium I decided to give it a try, and for me it's an ocean of new things. Never come across such stuff. I mean it's difficult to put all the things here, so I'll straight away ask where I have doubts.

OK, using the info already provided in the thread I did reach 0x9B144A, F8 and I see a jmp table. Noted the values which were required for ImportRec.

RVA = 68B100 Size = 0xCD0

I used Gaia's plugin first, but after resolving 3 APIs it closed the obsidium.exe file. So next I used Soldat's plugin, but it failed to resolve anything. OK, after re-reading the thread again, Soldat did tell we have to select each and every API manually, and voila, it found the addresses.

Faster way: use Soldat's plugin first and then Gaia's plugin; it will find as many APIs as it can.

After this I had the following stuff invalid:

Code:
FThunk: 00685120 NbFunc: 00000004
0 00685120 ? 0000 007E3E90
0 00685124 ? 0000 007E3E9C
0 00685128 ? 0000 007E3EA8
0 0068512C ? 0000 007E3EB4

0 0068514C ? 0000 007E3EE4
0 0068535C ? 0000 007E3FE0
0 006854A0 ? 0000 007E43AC
0 006855AC ? 0000 007E459B
0 006857FC ? 0000 007E4913
0 0068580C ? 0000 007E492B


Bpx 0x9E0B79 in search for the remaining; can somebody confirm if my guess is correct?

Code:
FThunk: 00685120 NbFunc: 00000004
1 00685120 user32.dll 0133 GetMonitorInfoA
1 00685124 user32.dll 014A GetSystemMetrics
1 00685128 user32.dll 00C7 EnumDisplayMonitors
1 0068512C user32.dll 0006 AnimateWindow


Also, bpx 0x9F7C08: I see a few from oleaut32.dll like VariantChangeTypeEx, VarNet, VarNot, VarAdd etc. etc. The API addresses are saved in 0xA7E820 to 0xA7E874. I want to ask, do we have to consider these APIs too?

And for the remaining, I mean 68514C to 68580C, I am just digging.

Hope people who have already built obsidium.exe understand my question. I am on W2K.

Regards
Sope.
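Added example (not part of Sope's post, and not ImportRec's or Obsidium's own code): what the "FThunk / NbFunc" listing above turns into once the thunks are resolved. ImportRec's FThunk column is an RVA, and for every run of consecutive resolved thunks from one DLL the "Fix Dump" step writes one IMAGE_IMPORT_DESCRIPTOR, an OriginalFirstThunk array, the DLL name and the hint/name strings into a new section, then points the data directory at it. The script below builds that structure for the four user32.dll entries from the post, refuses to proceed while any thunk is still "?" (a dump with holes in its IAT will crash at load), and parses the result back the way the loader walks it. The directory RVA 0xA90000 used for the new section is an assumption, as is the sample list, which is constructed from the listing in the post.

```python
import struct

# IMAGE_IMPORT_DESCRIPTOR: OriginalFirstThunk, TimeDateStamp, ForwarderChain, Name, FirstThunk
IMAGE_IMPORT_DESCRIPTOR = "<IIIII"
DESC_SIZE = struct.calcsize(IMAGE_IMPORT_DESCRIPTOR)  # 20 bytes

# Constructed from the ImportRec listing in the post: (thunk RVA, module, hint, name).
# ImportRec's FThunk column is an RVA. module None marks an entry it still shows as "?".
SAMPLE = [
    (0x00685120, "user32.dll", 0x0133, "GetMonitorInfoA"),
    (0x00685124, "user32.dll", 0x014A, "GetSystemMetrics"),
    (0x00685128, "user32.dll", 0x00C7, "EnumDisplayMonitors"),
    (0x0068512C, "user32.dll", 0x0006, "AnimateWindow"),
    (0x0068514C, None, 0, None),
]


def group_thunks(entries):
    """Split resolved entries into runs of consecutive 4-byte thunks from one DLL.
    Each run becomes one import descriptor. Unresolved thunks are returned separately."""
    runs, unresolved = [], []
    for rva, module, hint, name in sorted(entries, key=lambda e: e[0]):
        if module is None:
            unresolved.append(rva)
            continue
        if runs and runs[-1][0] == module and runs[-1][1][-1][0] + 4 == rva:
            runs[-1][1].append((rva, hint, name))
        else:
            runs.append((module, [(rva, hint, name)]))
    return runs, unresolved


def build_import_directory(entries, dir_rva):
    """Lay out descriptors, OFT arrays, DLL names and hint/name strings in one blob
    that will be placed at RVA dir_rva (a new section appended to the dump)."""
    runs, unresolved = group_thunks(entries)
    if unresolved:
        raise ValueError("unresolved thunks: " + ", ".join(f"{r:08X}" for r in unresolved))
    blob = bytearray(b"\x00" * DESC_SIZE * (len(runs) + 1))  # descriptor array + null terminator
    descriptors = []
    for module, thunks in runs:
        oft_offset = len(blob)
        oft_rva = dir_rva + oft_offset
        blob.extend(b"\x00" * 4 * (len(thunks) + 1))  # OriginalFirstThunk array, filled below
        name_rva = dir_rva + len(blob)
        blob.extend(module.encode("ascii") + b"\x00")
        if len(blob) & 1:
            blob.append(0)
        for i, (_rva, hint, name) in enumerate(thunks):
            hn_rva = dir_rva + len(blob)  # IMAGE_IMPORT_BY_NAME must be word aligned
            blob.extend(struct.pack("<H", hint) + name.encode("ascii") + b"\x00")
            if len(blob) & 1:
                blob.append(0)
            struct.pack_into("<I", blob, oft_offset + 4 * i, hn_rva)
        # FirstThunk points at the existing IAT in the dump, which the loader overwrites.
        descriptors.append((oft_rva, 0, 0, name_rva, thunks[0][0]))
    for i, desc in enumerate(descriptors):
        struct.pack_into(IMAGE_IMPORT_DESCRIPTOR, blob, DESC_SIZE * i, *desc)
    return bytes(blob), descriptors


def parse_import_directory(blob, dir_rva):
    """Walk the descriptor array back out, as the loader does, to check the layout."""
    def cstr(rva):
        off = rva - dir_rva
        return blob[off:blob.index(b"\x00", off)].decode("ascii")

    result, off = [], 0
    while True:
        oft, _, _, name_rva, ft = struct.unpack_from(IMAGE_IMPORT_DESCRIPTOR, blob, off)
        off += DESC_SIZE
        if oft == 0 and name_rva == 0 and ft == 0:
            break
        funcs, p = [], oft - dir_rva
        while True:
            hn_rva = struct.unpack_from("<I", blob, p)[0]
            if hn_rva == 0:
                break
            hint = struct.unpack_from("<H", blob, hn_rva - dir_rva)[0]
            funcs.append((ft + 4 * len(funcs), hint, cstr(hn_rva + 2)))
            p += 4
        result.append((cstr(name_rva), funcs))
    return result


if __name__ == "__main__":
    resolved = [e for e in SAMPLE if e[1] is not None]
    blob, descs = build_import_directory(resolved, 0x00A90000)
    for module, funcs in parse_import_directory(blob, 0x00A90000):
        print(module)
        for rva, hint, name in funcs:
            print(f"  {rva:08X} {hint:04X} {name}")
```

Running it on the full SAMPLE list instead of only the resolved entries raises ValueError naming 0068514C, which is the same situation as the "?" lines in the post: every thunk in the range must be resolved (or cut from the list, if the code never calls through it) before the directory is worth writing.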