Web
: http://kickme.to/mxbnet
Contact Me : dheeraj_xp@yahoo.com
Answwwer 2.5
Type : Search Tool Crack :
Dumping + IAT Fix :
Protection : ASProtect
Tech : Unpacking
BPX GETVOLUMEINFORMATIONA
/tracex
52b022 eip-8
Use tracex till we reach here ...
015F:0052B6D0
55 PUSH EBP <<--- OEP
015F:0052B6D1 8BEC MOV EBP,ESP
015F:0052B6D3 83C4F4 ADD ESP,-0C
015F:0052B6D6 53 PUSH EBX
015F:0052B6D7 B800B35200 MOV EAX,0052B300
015F:0052B6DC E823A8EDFF CALL 00405F04
015F:0052B6E1 8B1D90F45200 MOV EBX,[0052F490]
015F:0052B6E7 8B03 MOV EAX,[EBX]
015F:0052B6E9 E8BA81F0FF CALL 004338A8
015F:0052B6EE 8B03 MOV EAX,[EBX]
015F:0052B6F0 BA5CB75200 MOV EDX,0052B75C
015F:0052B6F5 E8C67EF0FF CALL 004335C0
015F:0052B6FA 8B0D0CF35200 MOV ECX,[0052F30C]
015F:0052B700 8B03 MOV EAX,[EBX]
015F:0052B702 8B155C6A5000 MOV EDX,[00506A5C]
015F:0052B708 E8B381F0FF CALL 004338C0
015F:0052B70D 8B0D78F45200 MOV ECX,[0052F478]
015F:0052B713 8B03 MOV EAX,[EBX]
015F:0052B715 8B1580F04E00 MOV EDX,[004EF080]
015F:0052B71B E8A081F0FF CALL 004338C0
015F:0052B720 8B0D90F55200 MOV ECX,[0052F590]
015F:0052B726 8B03 MOV EAX,[EBX]
In ImpRec :
OEP = 12B6D0
Click "IAT Auto Search" ... "Show Invalid" ... "Auto
Trace"
Use ASProtect Plugin on invalid ptr....
Fix Dump File ...
File Size Check :
015F:0052AFBC
8B45FC MOV EAX,[EBP-04]
015F:0052AFBF E8B8B5FBFF CALL 004E657C
015F:0052AFC4 3D10EB0900 CMP EAX,0009EB10 <--- Size Chk
015F:0052AFC9 7E21 JLE 0052AFEC >>> EAX=0019F000
015F:0052AFCB 6A30 PUSH 30
015F:0052AFCD 6850B05200 PUSH 0052B050
015F:0052AFD2 6860B05200 PUSH 0052B060
015F:0052AFD7 6A00 PUSH 00
015F:0052AFD9 E852B9EDFF CALL USER32!MessageBoxA
015F:0052AFDE A190F45200 MOV EAX,[0052F490]
Offset :
12AFC5
10 EB 09 00 ---> 00 F0 19 00
30 Day Count stored in :
REGEDIT4
[HKEY_CLASSES_ROOT\CLSID\{CB33B048-E750-D08C-04AA-41EA7094E5