
06.08.2009, 15:03
Learner
Registered: 06.06.2009
Posts: 47
Time spent on forum: 437301
Reputation: 15
So, I read the manual that comes with ArmaGeddon, poked around, and
as a result nothing has worked so far.
Here is the log:
PHP code:
OS--> Microsoft Windows XP Professional Service Pack 3 (build 2600)
<------- 08/06/2009 13:55:39 ------->
Loading target: HoldemInspector2.exe Process ID: 2B0 Processing target...
=================================
Debug Blocker detected child Process ID: 96C child Thread ID: 268
=================================
STRATEGIC CODE SPLICING ENABLED!
Code Splicing Section: .text Old VMaddress: 029A0000 Old VMsize: 0001FFDC
=================================
IAT VARIABLE REDIRECTION DISABLED!
VM address: 014FA74F VM variable: 0152723C
=================================
IAT ELIMINATION DISABLED!
IAT elimination section: .data1 Old VMaddress: 016F2148
New VMaddress: 009AF000
================================
IAT FIXED REDIRECTION DISABLED!
VM address: 014FABE4
================================
Tracing to OEP...
=================================
------- Code Splicing -------
Process memory buffered successfully.
Fixing spliced segments...
Potential residue after 0040C756 [Rejected] MOV EDI,EDI (be prepared to fix manually).
Potential residue after 0040C7A9 [Accepted] MOV EDI,EDI (be prepared to fix manually).
Potential residue after 0040E12D [Rejected] MOV EDI,EDI (be prepared to fix manually).
Potential residue after 004400C8 [Accepted] MOV EDI,EDI (be prepared to fix manually).
Potential residue after 004405E3 [Accepted] MOV EDI,EDI (be prepared to fix manually).
Potential residue after 004414E8 [Accepted] MOV EDI,EDI (be prepared to fix manually).
1912 splices repaired... Splice repairing complete.
Patching process... Patch successful.
=================================
Dumping target... Dump done! Saved to: 2.exe
=================================
Rebuilding Imports... Rebuilding Imports completed
Return code: 0 Now, you should test your target. Good luck :)
=================================
IAT RVA: 005AF000 IAT Size: 00000F70
OEP VA: 004E74F6 OEP RVA: 000E74F6
OEP call return VA: 014FF443
Exit Process ID: 2B0
Saving logfile... Done.
Going by the ArmaGeddon docs, [Rejected] and (be prepared to fix manually) are not a good thing!
Only I didn't understand which of the saved files I'm supposed to dig into: (name).exe or (name)_.exe.
The first doesn't start at all; the second one Olly launches => but when I try to run it, an error pops up!
Try to change EIP or pass exception to program.
In principle I figure it's the second, but then what the heck is the first one for...