Jump to content
View in the app

A better way to browse. Learn more.

Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Scylla 0.9.7.c error on DotFix Nice Protect 3.7

Featured Replies

Posted

Hi.


I recently discovered a new bug.


The IAT is not located correct in both 0.9.7b and 0.9.7c


Here is a video attached and the unpackme.


 


0.9.7.c_DotFix_3.7_IAT_Error.7z

Just a question: is it located with some older version of scylla?

  • Author

0.9.7b/c


Huh, but in your main topic you state:

The IAT is not located correct in both 0.9.7b and 0.9.7c

My question was if it worked with 0.8 for example

Edited by Mr. eXoDia

  • Author

I did not try with older versions.


I did not try with Imprec or Import Fixer.

Try it :) I think this will help..

  • Author

For what?


I can find IAT by myself.


I want the tool to find the right spot.


I cannot bounce between versions.


It will be no real use.


:)

@GIV: Probably you don't understand what I mean. If you test 0.8 and it works, this means there was a 'fix' in the iat search algorithm that didn't work. For developers it is much easier if you supply better information.

  • Author

lol.


And do you think i keep all backward versions to make  a test each time something is wrong?


The developer have the project and run in debug mode straight to the problem.


And on other hand maybe the code from 0.8.xx version is not compatible anymore with the latest build.


And even more if i go into your logic i will solve the bug myself once the sources are public.


But think a little with me:


What is the point for me to do that?


In this sense i will be transposed in author skin.


And where many get their hands on it results a mess.


So i leave the author to "sew" his method.


Or i have another option to keep my mind safe.


Just don't report any issue.

  • 4 months later...

Hey GIV,


 


thanks for the bug and sorry for the late reply. I think this should not be fixed, because this is only the VM OEP. If you recover the real OEP, this will work. It is hard to find the IAT, because this protector removed all "call dword ptr" instructions. There is no IAT reference in the code.


 


The only generic solution for this kind of stuff is: scan all memory for API addresses...


Create an account or sign in to comment

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.