Hello!
Here I submitted IDATA+KILLERCODE for progg
"Advanced Office 2000 Password Recovery"
dump prog. at OEP(401000).
Paste my IDATA from 19A000h to 19E000h,
in PEDITOR enter values:
IAT RVA: 19A000; SIZE 0000013C
TLS RVA: 199000
Clear relocs.
Now set MY EIP: 0019D600...

Who can, will understand!
Soon I will write little tut, how forever
kill IAT_THUNK based tricks.

PS
Instruction at 59d632 forces jump..

Hi evaluator,

Well, this is a long ago thread but i am kinda stuck on DigiSecret
it's 1.1 (build 283)...

I unpacked it, rebuilt IAt normally... the dump doesnt crash like u said but it keeps popping up empty error messages, (1 every second ) and filled up my screen until i kill task!!!!

I think this is a kind of check in DS itself, but i remeber i said sometimes ago about some new AsProtect trick that only activated in DS 1.1 that makes my dump crash, could you explain further?

I downloaded your xdata.bin for APF but i dont have the same version anymore, looking at it din help me much!!!

Thanx,
Hope u still remember this thread :>

Here i uploaded for U.
Now upload your IT.TXT and IT.BIN
PEditor values:
EIP 145AD8
IT RVA 155000, SIZE 1A4

PS
this is for DS1.283

Yep thanx...

Here is mine...
RVA is 1D2000 , size 194h

Shall try urs after my dinner...
:>... u had no problem at all???


Erm.. how do i attach file???

paste in dump at 155000

Sorry, i mean how do i upload file???

Hmm urs work fine!!!!!! tink it's cos my IAT is smaller than yours... somehow...

Argh... i tot it's some stupid protection by Tamo again!!! That is the annoying part, u can never be sure whether it's your import table or whether it's some anti dumping trick!!!!
Anyway thanx...

Can you tell me how do upload file so in the future i can upload mine as well:>

Thanx,

Compress in zip, then press CHOOSE.

hi evaluator,

newbie question: how did you break at OEP? bpm 401000 x
did not work, so i am now waiting for /tracex to finish.
i shall try manual tracing if this does not break in an
hour or two. but please tell us your procedure.

also, did you work with ao20pr_p.zip or ao20pr_s.zip?
(i assume the target is the current one from
elcomsoft.com.

thanks. best regards,

tony

Oh okay...

Thanx... I realise that u cant add attachment when u want to edit ur post... anyway here is my IT if you are interested, i guess it's just Revirgin gave me the wrong IAT size and that makes the whole lot difference.. anyway wat was that new AsProtect feature you were talking about?