Tuts 4 You

Scylla 0.9.7.c error on DotFix Nice Protect 3.7


GIV

Huh, but in your main topic you state:

The IAT is not located correct in both 0.9.7b and 0.9.7c

My question was if it worked with 0.8, for example.

Edited by Mr. eXoDia
Link to comment

@GIV: Probably you don't understand what I mean. If you test 0.8 and it works, this means there was a 'fix' in the IAT search algorithm that didn't work. For developers it is much easier if you supply better information.

Link to comment

lol.

And do you think I keep all backward versions to make a test each time something is wrong?

The developer has the project and runs in debug mode straight to the problem.

And on the other hand maybe the code from 0.8.xx version is not compatible anymore with the latest build.

And even more, if I go into your logic I will solve the bug myself once the sources are public.

But think a little with me:

What is the point for me to do that?

In this sense I will be transposed into the author's skin.

And where many get their hands on it, it results in a mess.

So I leave the author to "sew" his method.

Or I have another option to keep my mind safe.

Just don't report any issue.

Link to comment
  • 4 months later...

Hey GIV,

thanks for the bug and sorry for the late reply. I think this should not be fixed, because this is only the VM OEP. If you recover the real OEP, this will work. It is hard to find the IAT, because this protector removed all "call dword ptr" instructions. There is no IAT reference in the code.

The only generic solution for this kind of stuff is: scan all memory for API addresses...


Link to comment
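The generic approach named in the last reply, scanning memory for API addresses instead of following "call dword ptr" references, sketched as an added example that is not part of the thread and is not Scylla's code. The function names, the export addresses and the memory contents are all constructed for illustration.

```python
import struct

def scan_for_api_pointers(mem, base, exports, ptr_size=4):
    """Return [(va, api_name)] for each aligned slot whose value is a known export address."""
    fmt = "<I" if ptr_size == 4 else "<Q"
    hits = []
    for off in range(0, len(mem) - ptr_size + 1, ptr_size):
        (value,) = struct.unpack_from(fmt, mem, off)
        if value in exports:
            hits.append((base + off, exports[value]))
    return hits

def group_into_tables(hits, ptr_size=4, max_gap_slots=1, min_entries=3):
    """Cluster hits into IAT candidates as (start_va, size, names).

    max_gap_slots=1 tolerates the null slot between two modules' thunks;
    min_entries drops lone values that only look like an API address.
    """
    runs, current = [], []
    for va, name in hits:
        if current and va - current[-1][0] > (max_gap_slots + 1) * ptr_size:
            runs.append(current)
            current = []
        current.append((va, name))
    if current:
        runs.append(current)
    return [(r[0][0], r[-1][0] + ptr_size - r[0][0], [n for _, n in r])
            for r in runs if len(r) >= min_entries]

# Constructed sample: export addresses as a debugger would list them for loaded modules.
EXPORTS = {
    0x76A11000: "kernel32.dll!GetProcAddress",
    0x76A12000: "kernel32.dll!LoadLibraryA",
    0x76A13000: "kernel32.dll!VirtualAlloc",
    0x75B01000: "user32.dll!MessageBoxA",
    0x75B02000: "user32.dll!GetDC",
}
# Constructed memory region at VA 0x402000: junk, one stray match, then the real table.
SLOTS = [0x11111111, 0x76A11000, 0xDEADBEEF, 0, 0x22222222,
         0x76A11000, 0x76A12000, 0x76A13000, 0,
         0x75B01000, 0x75B02000, 0x33333333]
MEM = struct.pack("<%dI" % len(SLOTS), *SLOTS)

if __name__ == "__main__":
    hits = scan_for_api_pointers(MEM, 0x402000, EXPORTS)
    for start, size, names in group_into_tables(hits):
        print("IAT candidate at %#x, size %#x:" % (start, size))
        for n in names:
            print("   ", n)
```

The stray match at 0x402004 shows why a raw scan needs the clustering step: a single value equal to an export address is not evidence of a table, while a dense run of them is.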
