Results 1 to 2 of 2

Thread: trouble finding CALL ECX and hooking IAT in armadillo packed

  1. #1
    tim mactroy
    Guest

    trouble finding CALL ECX and hooking IAT in armadillo packed

    I will put bp o CreateThread and I will return to exe code but I get PUSH ECX instead Call ECX .
    The other problem is after getting into oep by searchin ff25 in bynary I cant find the jmps to imports and I get stuck with some garbage code
    Whats the solutions mates ?

    MCTroy
    good luck
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    arjuns
    Guest

    trouble finding CALL ECX and hooking IAT in armadillo packed

    Accroding to my practice over Armadillo, there are two return after breaking on CreateThread, finally you get Call EDI or Call ECX that leads you to the OEP of that application.Put a Bp on that Call EDI of Call ECX there you get what you want.
    arjuns
    I promise that I have read the FAQ and tried to use the Search to answer my question.

Similar Threads

  1. having trouble understanding
    By MZ_66 in forum The Newbie Forum
    Replies: 2
    Last Post: March 7th, 2005, 21:01
  2. Function name of CALL <JMP.&MFC42.#xxx>
    By OnoSendai in forum OllyDbg Support Forums
    Replies: 2
    Last Post: August 14th, 2004, 12:19
  3. question about armadillo packed dll & IAT
    By lordsoth in forum Malware Analysis and Unpacking Forum
    Replies: 4
    Last Post: July 25th, 2004, 11:55
  4. ASPR CALL EAX Loop
    By LaBBa in forum Malware Analysis and Unpacking Forum
    Replies: 5
    Last Post: March 27th, 2003, 16:58
  5. MPR.DLL trouble
    By CccT in forum Advanced Reversing and Programming
    Replies: 2
    Last Post: March 27th, 2002, 21:14

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •