it's not Delphi :facepalm:Quote:
Executable's PE is Borland Delphi 4. Which means he used a PE Mangler in order to protect his exe. Though I kinda suck at reversing. But I'm good at debugging/disassembling. I have looked into this with IDA Q. And I can say that this thing is clean. It's the packer / mangler giving those false positives :)
I didn't say it was Delphi. I said PE was changed to look like it was delphi.. I already know it's MASM. I have GMZ's standalone patch-by-patch executable unpacked. I had a bit of a trouble in this one because of the PE.Quote:
it's assembler code in masm32 syntax contain injector and dll plus my PE Loader...
:facepalm:Quote:
You can't understand me. The first d3d9 release of GMZ had Delphi PE. Do you even read what I write? Because I clearly said that it was MASM.Quote:
try build it
[Only registered and activated users can see links. Click Here To Register...]
Quote:
it's WAS NOT delphi PE :facepalm:Quote:
you're say it when i say hahaQuote:
Hold on I'll show you the proof.Quote:
you're say it when i say haha
peid\DiE signatures shit.Quote:
Quote:
[Only registered and activated users can see links. Click Here To Register...]
Do you believe me now ?
and CFF too :D (update it)Quote:
Yeah, it's CFF :D Still I showed you my proof. So, I wasn't lying. :pQuote:
you really belive this sigs?Quote:
Nope. Because most of the time it give wrong PE. Though it shows True PE sometimes (%48)Quote: