Shefo Posted August 25, 2016 Posted August 25, 2016 Hi there, In x32dbg when i try to patch file it shows me 0/x patch(es) applied knowing that i try to change Jne to Jmp or adding mov al,1 to an empty byte as in these images
mrexodia Posted August 25, 2016 Posted August 25, 2016 There can be various reasons for this. From the looks of it x64dbg cannot convert the VA to file offsets. This can be because of packing (eg your section has no raw size) or because of a bug in x64dbg. 1
Shefo Posted August 25, 2016 Author Posted August 25, 2016 Thanks for helping , but what should i do? if it is bugged?
mrexodia Posted August 25, 2016 Posted August 25, 2016 You could try to diagnose the VA to offset conversion. Can you find those instructions with something like CFF Explorer or a hex editor? I'm checking now with http://www.flightsimsoft.com/downloads/AS_PFPX_V126.exe but I'm not sure if that's the program you're looking at. 1
mrexodia Posted August 25, 2016 Posted August 25, 2016 Yeah so in your case the problem is that the section has no raw space at that point (it's packed with Themida): 1
Shefo Posted August 25, 2016 Author Posted August 25, 2016 (edited) yes it is the same program but version 105 . i tried to unpack it but when i open the unpacked one it tells me that the program maybe debugged or damaged and it doesn't open maybe i should rebuild imports? Edited August 25, 2016 by Shefo
Shefo Posted August 26, 2016 Author Posted August 26, 2016 No it is not the same program unfortunately
Shefo Posted September 3, 2016 Author Posted September 3, 2016 Do you know any good tutorial about Themida unpacking?
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now