Exetools


elephant 04-12-2017 23:51

How to develop an unpacker - The StarForce case
 
Very cool presentation, published on the 7th April 2017 by Eloi Vanderbeken at the Sthack security conference in Bordeaux, about unpacking StarForce:

http://www.synacktiv.ninja/ressource..._synacktiv.pdf

This unpacker is based on DLL injection and takes care of recovering the OEP, API redirection, stolen bytes, debugger detection and hide-from-debugger routines.

evlncrn8 04-13-2017 01:18

was more starforce proactive (which is weak as hell) as opposed to the real (disk) one so a bit 'meh'.. and in all his 'research' how come he didn't notice the flaw in starforce's api 'rewrite' code where if you detoured all the exported functions to ff 25 xx xx xx xx ones it copied them verbatim, thus making the api resolution very very simple... and this information was known in 2003 or so when i found it...

mr.exodia 04-13-2017 09:58

not everybody has friends in the scene :D

