k0s
March 28th, 2007, 12:25
Hi everybody when i search for "all intermodular calls" in olly all i get is:
Found intermodular calls
Address Disassembly Destination
771801F5 CALL 31500200
771803B4 CALL F7180865
77180550 CALL 9F1809FE
7718086C CALL BF180D3A
771808A4 CALL 8F180D73
771808E8 CALL 1F180DB8
77180920 CALL 27180DCB
7718155C CALL C8182132
771816D4 CALL F7181B85
77181868 CALL 9F181D16
77181B84 CALL BF182052
77181BBC CALL 8F18208B
77181C00 CALL 1F1820D0
77181C38 CALL 271820E3
77181DC5 CALL 62F81DCE
77182D94 CALL 70182F38
77182E84 CALL 7018302E
771835EC CALL 6E1837C0
77183A85 CALL 5F353A8B
77183A91 CALL 5F783A97
77183AAD CALL 5FD83AB3
77183AB5 CALL 5FE73ABB
77183AC1 CALL 60243AC7
771848B0 CALL 611E31BA
771991F5 CALL 600E0917
7719944C CALL 7590AFC3
7719C890 CALL BE19C895
7719D01C CALL 6120B927
771B9AED CALL 602A0EF5
771BEA98 CALL 01930687
771C3E13 CALL ntdll.772195BF
771C3EE4 CALL ntdll.772195CA
771C5253 CALL DWORD PTR DS:[77251128] kernel32.BaseQueryModuleData
771DC2B0 CALL 6409AD9E
771DC3B0 CALL 6409AE9E
771DC430 CALL 6409AF1E
771DC530 CALL 6409B01E
771DF3A3 CMP DWORD PTR SS:[EBP-1C],0 (Initial CPU selection)
771F09FA CALL F0962907
771F9D66 CALL ntdll.RtlAllocateMemoryZone ntdll.RtlAllocateMemoryZone
77206260 CALL F5F73908
7721AAE2 CALL ntdll.RtlAllocateMemoryBlockLookasi ntdll.RtlAllocateMemoryBlockLookaside
7721ABED CALL ntdll.RtlAllocateMemoryBlockLookasi ntdll.RtlAllocateMemoryBlockLookaside
7721AC1E CALL ntdll.RtlAllocateMemoryBlockLookasi ntdll.RtlAllocateMemoryBlockLookaside
7721AC6C CALL ntdll.RtlFreeMemoryBlockLookaside ntdll.RtlFreeMemoryBlockLookaside
I know that i should get more than these because i have followed tutorials that crack specific programs and they show loads of intermodular calls. I used to get more calls than this, but one day they just dissapeared
I don't known if this is conneted but also when i start olly for the first time i get tow error messages about replacing the help files (i think).
I would really appreciate some help with this.
[EDIT] Yeah I've sorted it out, i discovered that i was just being stupid
i hadn't waited for the program to be analysed
Found intermodular calls
Address Disassembly Destination
771801F5 CALL 31500200
771803B4 CALL F7180865
77180550 CALL 9F1809FE
7718086C CALL BF180D3A
771808A4 CALL 8F180D73
771808E8 CALL 1F180DB8
77180920 CALL 27180DCB
7718155C CALL C8182132
771816D4 CALL F7181B85
77181868 CALL 9F181D16
77181B84 CALL BF182052
77181BBC CALL 8F18208B
77181C00 CALL 1F1820D0
77181C38 CALL 271820E3
77181DC5 CALL 62F81DCE
77182D94 CALL 70182F38
77182E84 CALL 7018302E
771835EC CALL 6E1837C0
77183A85 CALL 5F353A8B
77183A91 CALL 5F783A97
77183AAD CALL 5FD83AB3
77183AB5 CALL 5FE73ABB
77183AC1 CALL 60243AC7
771848B0 CALL 611E31BA
771991F5 CALL 600E0917
7719944C CALL 7590AFC3
7719C890 CALL BE19C895
7719D01C CALL 6120B927
771B9AED CALL 602A0EF5
771BEA98 CALL 01930687
771C3E13 CALL ntdll.772195BF
771C3EE4 CALL ntdll.772195CA
771C5253 CALL DWORD PTR DS:[77251128] kernel32.BaseQueryModuleData
771DC2B0 CALL 6409AD9E
771DC3B0 CALL 6409AE9E
771DC430 CALL 6409AF1E
771DC530 CALL 6409B01E
771DF3A3 CMP DWORD PTR SS:[EBP-1C],0 (Initial CPU selection)
771F09FA CALL F0962907
771F9D66 CALL ntdll.RtlAllocateMemoryZone ntdll.RtlAllocateMemoryZone
77206260 CALL F5F73908
7721AAE2 CALL ntdll.RtlAllocateMemoryBlockLookasi ntdll.RtlAllocateMemoryBlockLookaside
7721ABED CALL ntdll.RtlAllocateMemoryBlockLookasi ntdll.RtlAllocateMemoryBlockLookaside
7721AC1E CALL ntdll.RtlAllocateMemoryBlockLookasi ntdll.RtlAllocateMemoryBlockLookaside
7721AC6C CALL ntdll.RtlFreeMemoryBlockLookaside ntdll.RtlFreeMemoryBlockLookaside
I know that i should get more than these because i have followed tutorials that crack specific programs and they show loads of intermodular calls. I used to get more calls than this, but one day they just dissapeared
I don't known if this is conneted but also when i start olly for the first time i get tow error messages about replacing the help files (i think).
I would really appreciate some help with this.
[EDIT] Yeah I've sorted it out, i discovered that i was just being stupid
i hadn't waited for the program to be analysed