paranoja
June 1st, 2004, 19:30
can somebody tell me what I am doing wrong:
I downloaded NO NAMES
1) I did the eb fe trick at the writeprocessmem
2)stoped the debugger by calling stopdbug....
3)In child i set bpx on access on the first section. i get the oep at like 550bd6.
4)i dump it lordpe ->intelliscan.
5)find iat table by looking at a call 10 or so line blow.
6)***iat table is at like 7ce000 (3ce000) and it is 214 lines long.
(is this correct????????)
5)i go to imprec. put in 150bd6 oep, ***rva 3ce000 (is this the rva???), size 214. No invalid thunks no suspects.
6)fixed the dump
7)when i run the fixed prog it never shows no screen but exits.
Can someone help. I know bink_us worked on the same program and I wonder how far he got.
I need some replies, appreciated.
I downloaded NO NAMES
1) I did the eb fe trick at the writeprocessmem
2)stoped the debugger by calling stopdbug....
3)In child i set bpx on access on the first section. i get the oep at like 550bd6.
4)i dump it lordpe ->intelliscan.
5)find iat table by looking at a call 10 or so line blow.
6)***iat table is at like 7ce000 (3ce000) and it is 214 lines long.
(is this correct????????)
5)i go to imprec. put in 150bd6 oep, ***rva 3ce000 (is this the rva???), size 214. No invalid thunks no suspects.
6)fixed the dump
7)when i run the fixed prog it never shows no screen but exits.
Can someone help. I know bink_us worked on the same program and I wonder how far he got.
I need some replies, appreciated.