About REVIRGIN


neo
July 23rd, 2001, 22:47
I wonder whether the problem is with me or with REVIRGIN. I was trying the example that is in the zip file. I dumped the exe, that is not a problem.


I opened the packed exe, the reg.., and changed the OEP to 4010cc and pressed Fetch IAT. Then I pressed IAT resolved, and resolve again, and I got the same as in reso...txt


But the next part is weird. I know I have to trace what I didn't get. I did, and all was fine except the last two:
131 00006500 00801E74 0000 ?????? ??????
132 00006504 00801E90 0000 ?????? ??????
133 00006508 00801EAC 0000 ?????? ??????
134 0000650C 00801EC8 0000 ?????? ??????
135 00006510 00801EE4 0000 ?????? ??????
136 00006514 00801F00 0000 ?????? ?????? <<<<<I get crash or freeze
137 00006518 00801F1C 0000 ?????? ?????? <<<<<I get crash or freeze


For the trace I used trace all and I got a crash. Then I said I will do it again, and I traced manually one by one, and when I got to the last two I always got the freeze or crash or shutdown of the whole PC.



So I wonder if I did something wrong?
Did someone else get the same problem as me?



NeO

NEO
July 24th, 2001, 10:44
Because normally you would use trace on that API, you would get traced, and after the trace you would press Resolved again and you would api.. I don't know, but I didn't have a problem before, I think, but I am not sure. I have Win 98 and SoftICE but I don't think that is the case.


NeO

Neo
July 24th, 2001, 10:54
I found it. Advice: this tracer can crash or freeze your computer, so better choose tracer with about 5-10 selected entries then save the imports text file; if your PC crashes, you can load resolved imports and continue where it crashed.

So it is normal, but the hell, I can't get those last 2 APIs.

NeO

NeO
July 24th, 2001, 11:10
Maybe I forgot to write that after I resolved (twice) I got the same result as you see in the zip in resolved.txt. After I used trace, that is where the problem began.


NeO

tsehp
July 25th, 2001, 02:03
The problem resides in the IAT length: put 238 instead of 240; the two last ones are invalid entries (read the doc).
The auto fetch feature just locates the IAT entries, but you have to correct it yourself sometimes.

So the two last ones will disappear from the list.