2 replies to this topic

[Ignatius]

I'm new to this so have been following a demo that I've seen. They use LordPE and Olly. I know that the LordPE site is down and I've managed to find a copy. Unfortunately, when I try to open the .exe file to see the PE header, it denies me access. I'm using XP Pro SP3 on NTFS. I wondered if it was related to permissions so checked them (I was logged on as Administrator) - they were fine. I even copied the file to a FAT32 partition (hence removing anything clever that's associated with NTFS) and I'm still denied access.

I have the .exe file that was used in the demo so I'm disappointed that I can't follow the procedure as shown. Does anyone have any ideas about what might be preventing LordPE examining the PE header? I wondered if my copy of LordPE had been modified in some way (unfortunately a possible consequence of it being hosted elsewhere as the official site is down) so I'm on the search for alternative copies or other free utilities that do exactly the same (changing PE header length, read/write/executable aspects of the various sections etc.).

Thanks in advance.

[FTPServerTools]

Your antivirus may be blocking the program. Thus you would not be able to access it...

[Ignatius]

Yes, since posting originally, I wondered if that was the problem. I have free AVG v8 so I disabled it (via msconfig) and also disabled the relevant services manually. I rebooted but access was still denied. I was well ****ed off so I uninstalled AVG and rebooted. LordPE could open the file so I could examine the PE Header.

I assume that there must have been some element of AVG still running, despite my attempt to stop it all. I'm happy that my copy of LordPE is functional but I really wish that the original author of the software would get the site up and running again. I'm not keen to get applications from other hosting sites as I can't be sure that they're "clean".