Search found 148 matches

you mean like this ksbunker

00401000 >PUSH ESP ; /pThreadId = 0012FFC4
00401001 PUSH 0 ; |CreationFlags = 0
004010 ...

cpuid is cpu id
its a serialising instruction that return details about your cpu
it takes arguments in eax and returns details in eax ,ebx,ecx and

for example with eax as 0 if you execute it w ...

How is it possible that you have known values of the parameters and I do not?

do you mean 7ffd6000 in pinfo = 7FFD6000

they are bogus values

turn on
options -> debuggging options --&g ...

the parameters are unknown to OllyDbg.

if it doesnt know it you can provide it externally

create a file named common.arg

inside it

type

STDFUNC ntdll.RtlCreateUserProcess <- ...

smss is a native executable and it runs in bootprocess also

native executable means an executable that runs when windows gui hasnt been initialised

for example the chkdsk program (your windows ...

never heard about ollydbg and its capabilities ? Smile

start --> run --> ollydbg -> view -> file ->smss.exe-> right click -> special -> peheader ->scroll down to Peheader.Im ...

smss (windows session manager service) is a native executable (IMAGE_SUBSYSTEM_NATIVE aka 0x01)

to load it in ollydbg you would have to modify the
subsystem flag to wither cui (console user inter ...

The only design problem I know is that you must not change the name in length of the program itself.

ah then that could be the problem i didnt like a crack3.exe on my desktop so while downlaodin ...

well since you rated it 6/10 i thought ill give a look

but it seems it crashes Sad

are you selfmodifying the code ??

raw code looks like

00000405 E8 58020000 CALL 00000662
0000040A ...

How do professional software developers deal with this? Integrate a stack controling code segment to adjust the xx dynamicly in:
Code:
MOV EBX, DWORD PR SS:

professional programmers never ha ...

eax = ebx = ecx = edx 32 bit
ax = bx = cx = dx =16 bit
al = bl = cl =dl = 8bit

shl shifts bit they are bit wise operators

so shl 16 shifts 16 bits to left and shr 16 shifts 16 bits to right

use VirtualAlloc()

here is a simple c code that allocates memory the comments are masm syntax that you have to play with

#include <stdio.h>
#include <windows.h>

int main (vo ...

there isnt one that works perfect

but there exists a few that are trying to get closer

as mentioned ida hexrays looks like ilfak is trying very hard

or you could check out boomerang
or chri ...

well whats ollydbg there for ?

0013E4C4 3002E6BC RETURN to Flash9c.3002E6BC from Flash9c.3019D250
0013E4C8 0317E000 ASCII "rrrrrrrrrrrrrrrrrrrrrshit"
0013E4CC 00000001
0013E4D0 ...

i dont know if you are still following this or not

but i hate to put suggestions anywhere without actually trying it

so after i posted i juggled a little

and i see this is not really much ...