Solution to haggar's clone keygenme
Authored by: eraser on Thursday, April 12 2007 @ 06:23 PM CEST

There is a little problem with your clone_dump_fixed.exe unwrapped file. The OEP is not at 40101D (0x101D) but at 401000 (0x1000) - use LordPE/HexEDIT and the first two pop eax opcodes (58 58) should be 6A 00 (push 0) - use HexEDIT.

After this modification everything works fine and the file is fully executable.

00401000 . 58 pop eax
00401001 . 58 pop eax
00401002 . E8 77050000 call [jmp.&kernel32.GetModuleHandleA]
00401007 . A3 80304000 mov dword ptr [403080], eax
0040100C . FF35 80304000 push dword ptr [403080] ; /Arg1 = 00400000
00401012 . E8 06000000 call [ModuleEntryPoint] ; 040101D=[ModuleEntryPoint]


00401000 . 6A 00 push 0 ; pModule = NULL
00401002 . E8 77050000 call [jmp.&kernel32.GetModuleHandleA] ; GetModuleHandleA

---
the real failure is when you don't learn anything from any given situation
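
The fix described in the comment above, scripted instead of done by hand in LordPE/HexEDIT. This is an added example, not part of the original post. It assumes an image base of 00400000 (so 401000 is RVA 0x1000); the function names are hypothetical and `build_sample()` is a constructed stand-in for clone_dump_fixed.exe, not the real file.

```python
import struct

def nt_offset(pe):
    """Return the file offset of the NT headers (e_lfanew), checking signatures."""
    nt = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[:2] != b"MZ" or pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    return nt

def rva_to_offset(pe, rva):
    """Map an RVA to a file offset by walking the section table."""
    nt = nt_offset(pe)
    nsec = struct.unpack_from("<H", pe, nt + 6)[0]        # NumberOfSections
    opt_size = struct.unpack_from("<H", pe, nt + 20)[0]   # SizeOfOptionalHeader
    for i in range(nsec):
        hdr = nt + 24 + opt_size + 40 * i
        _vsize, vaddr, rsize, rptr = struct.unpack_from("<4I", pe, hdr + 8)
        if vaddr <= rva < vaddr + rsize:
            return rva - vaddr + rptr
    raise ValueError("RVA 0x%X is not backed by file data" % rva)

def entry_point(pe):
    """Read AddressOfEntryPoint (NT headers + 0x28)."""
    return struct.unpack_from("<I", pe, nt_offset(pe) + 0x28)[0]

def fix_dump(pe, oep_rva=0x1000, old=b"\x58\x58", new=b"\x6A\x00"):
    """Patch pop eax / pop eax -> push 0 at the OEP and set the header entry point."""
    pe = bytearray(pe)
    off = rva_to_offset(pe, oep_rva)
    if pe[off:off + len(old)] == old:
        pe[off:off + len(new)] = new
    elif pe[off:off + len(new)] != new:                   # refuse to patch unknown code
        raise ValueError("unexpected bytes at OEP: " + pe[off:off + 2].hex())
    struct.pack_into("<I", pe, nt_offset(pe) + 0x28, oep_rva)
    return bytes(pe)

def build_sample():
    """Constructed minimal PE32 image (not the real dump): .text at RVA 0x1000."""
    img = bytearray(0x400)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)               # e_lfanew
    img[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<HH", img, 0x84, 0x14C, 1)          # i386, one section
    struct.pack_into("<H", img, 0x94, 0xE0)               # SizeOfOptionalHeader
    struct.pack_into("<H", img, 0x98, 0x10B)              # PE32 magic
    struct.pack_into("<I", img, 0xA8, 0x101D)             # wrong entry point, as in the post
    img[0x178:0x17D] = b".text"                           # first section header
    struct.pack_into("<4I", img, 0x180, 0x200, 0x1000, 0x200, 0x200)
    img[0x200:0x207] = bytes.fromhex("5858E877050000")    # bytes at 00401000 in the post
    return bytes(img)
```

`fix_dump` is idempotent and raises if the bytes at the OEP are neither `58 58` nor `6A 00`, so it will not silently patch a different build.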
