Hi to all,

I want to know if this happend to someone:
I open regmon and then I start aspack 2.11.
Regmon dissapears and its folder cannot be closed.

Mustapha

Hi,

That's an anti-monitor trick used by some packers which uses I think it was GetClassInfoExA or GetClassInfo to detect if Regmon and Filemon is open. I think it also uses EnumWindows. Try setting a BP on these and see if you can find the class string name the packer is searching for The solution then is just to change the name of these classes in both Regmon and Filemon with a hex editor and use these modified monitors whenever you have this problem (a 1 letter change will be enough)

Good Luck,
Kayaker

Hi Mustapha,

Sorry, I steered you wrong there, it was GetClassNameA. I didn't have a chance to double-check when I first posted.

Try starting Regmon/Filemon then set the BP to display the 2nd stack parameter:

bpx GetClassNameA do "dd esp->8"

Then start your proggy and keep pressing F5 until you see the Regmon/Filemon Class name come up in the data window. This should give you the clue what to look for and change in the monitors themselves.

Kayaker

Hi !

well try at protools my anti-filemon & regmon detection patches, if you still can't get it mail me !

[]'z
Snacker