#7
03-08-2006, 04:48
Maximus
Have you tried a standard stack hr bpx? You can then obtain the OEP.
If it is a standard packer (UPX, ASP, etc.) just bpx in the IAT, take notice of the instruction writing at the IAT, rerun and break at it. Then dump (the original IAT will be kept), fix with the found OEP, alter the IAT pointers with LordPE to point to the unscrewed/virgin IAT et voilà (ImpREC might help you locate the real IAT size, I think).

Regards,
Maximus
(btw I found NOP+PUSHAD+CALL in some AsPack EP version)
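The debugger part of the recipe above (hardware breakpoint on the stack after PUSHAD, break on the instruction that writes the IAT, dump from memory) cannot be scripted offline, but the fix-up that follows can. The script below is an added example, not code from the post or from LordPE/ImpREC: it builds a constructed UPX-style memory dump (image layout, so file offset equals RVA), estimates the IAT size the way a practitioner would sanity-check ImpREC's guess (walk forward from the IAT start while each dword is zero or points into a loaded DLL), then does what LordPE's editor and "rebuild" step do by hand: write the found OEP into AddressOfEntryPoint, point the import directory at the original descriptors, set the IAT directory, and set every section's raw offset/size equal to its virtual offset/size so the dump loads as a file. The OEP (0x1234), the original import descriptor RVA (0x1800), the IAT contents and the DLL address ranges are all made-up values for the sample; a real dump needs the values you found in the debugger.

```python
import struct

IMAGE_DIRECTORY_ENTRY_IMPORT = 1
IMAGE_DIRECTORY_ENTRY_IAT = 12
IMAGE_BASE = 0x400000

# Constructed address ranges standing in for two loaded DLLs (not real module bounds).
MODULE_RANGES = [(0x7C800000, 0x7C900000), (0x77D40000, 0x77DD0000)]


def _pe_offset(data):
    """Return e_lfanew after checking the MZ and PE signatures."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    return pe


def read_header_fields(data):
    """Pull out entry point, import/IAT directories and section raw/virtual layout."""
    pe = _pe_offset(data)
    opt = pe + 24                                  # optional header follows the 20-byte COFF header
    num_sections = struct.unpack_from("<H", data, pe + 6)[0]
    opt_size = struct.unpack_from("<H", data, pe + 20)[0]
    dirs = opt + 96                                # PE32 data directory array
    sections = []
    for i in range(num_sections):
        off = opt + opt_size + 40 * i
        name = data[off:off + 8].rstrip(b"\0").decode()
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, off + 8)
        sections.append((name, vaddr, vsize, rawptr, rawsize))
    return {
        "entry": struct.unpack_from("<I", data, opt + 16)[0],
        "import": struct.unpack_from("<II", data, dirs + 8 * IMAGE_DIRECTORY_ENTRY_IMPORT),
        "iat": struct.unpack_from("<II", data, dirs + 8 * IMAGE_DIRECTORY_ENTRY_IAT),
        "sections": sections,
    }


def find_iat_extent(data, iat_rva, module_ranges):
    """Size in bytes of the IAT starting at iat_rva: walk dwords while each is zero
    (per-DLL terminator) or a pointer into a known module; trailing zeros are trimmed
    and one terminating zero dword is counted."""
    off, last_ptr_end = iat_rva, 0
    while off + 4 <= len(data):
        v = struct.unpack_from("<I", data, off)[0]
        if v != 0 and not any(lo <= v < hi for lo, hi in module_ranges):
            break
        off += 4
        if v != 0:
            last_ptr_end = off
    return last_ptr_end + 4 - iat_rva if last_ptr_end else 0


def fix_dumped_pe(data, oep_rva, import_rva, import_size, iat_rva=None, iat_size=None):
    """Return a patched copy of a memory dump: new entry point, import directory
    pointed at the original descriptors, IAT directory set, and every section's
    PointerToRawData/SizeOfRawData set to VirtualAddress/VirtualSize."""
    buf = bytearray(data)
    pe = _pe_offset(buf)
    opt = pe + 24
    if struct.unpack_from("<H", buf, opt)[0] != 0x10B:
        raise ValueError("only PE32 handled here")
    num_sections = struct.unpack_from("<H", buf, pe + 6)[0]
    opt_size = struct.unpack_from("<H", buf, pe + 20)[0]
    struct.pack_into("<I", buf, opt + 16, oep_rva)            # AddressOfEntryPoint
    dirs = opt + 96
    struct.pack_into("<II", buf, dirs + 8 * IMAGE_DIRECTORY_ENTRY_IMPORT, import_rva, import_size)
    if iat_rva is not None:
        struct.pack_into("<II", buf, dirs + 8 * IMAGE_DIRECTORY_ENTRY_IAT, iat_rva, iat_size)
    for i in range(num_sections):
        off = opt + opt_size + 40 * i
        vsize, vaddr = struct.unpack_from("<II", buf, off + 8)
        struct.pack_into("<II", buf, off + 16, vsize, vaddr)  # SizeOfRawData, PointerToRawData
    return bytes(buf)


def build_sample_dump():
    """Constructed UPX-style dump: stub entry in UPX1, IAT restored at RVA 0x1000."""
    img = bytearray(0x6000)
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)
    pe = 0x40
    img[pe:pe + 4] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", img, pe + 4, 0x14C, 2, 0, 0, 0, 224, 0x102)
    opt = pe + 24
    struct.pack_into("<H", img, opt, 0x10B)
    struct.pack_into("<I", img, opt + 16, 0x4500)              # packer stub entry point
    struct.pack_into("<I", img, opt + 28, IMAGE_BASE)
    struct.pack_into("<II", img, opt + 32, 0x1000, 0x200)      # section / file alignment
    struct.pack_into("<I", img, opt + 92, 16)                  # NumberOfRvaAndSizes
    struct.pack_into("<II", img, opt + 96 + 8, 0x5000, 0x28)   # import dir -> packer's own table
    layout = [(b"UPX0", 0x1000, 0x3000, 0, 0), (b"UPX1", 0x4000, 0x2000, 0x2000, 0x200)]
    for i, (name, vaddr, vsize, rawsize, rawptr) in enumerate(layout):
        off = opt + 224 + 40 * i
        img[off:off + 8] = name.ljust(8, b"\0")
        struct.pack_into("<IIII", img, off + 8, vsize, vaddr, rawsize, rawptr)
        struct.pack_into("<I", img, off + 36, 0xE0000060)
    # Constructed IAT: two DLLs' thunks, each group zero-terminated.
    for i, v in enumerate([0x7C801D7B, 0x7C80AC28, 0x7C809AE4, 0, 0x77D507EA, 0x77D5057E, 0]):
        struct.pack_into("<I", img, 0x1000 + 4 * i, v)
    return bytes(img)


if __name__ == "__main__":
    dump = build_sample_dump()
    iat_size = find_iat_extent(dump, 0x1000, MODULE_RANGES)
    fixed = fix_dumped_pe(dump, 0x1234, 0x1800, 0x3C, 0x1000, iat_size)
    print(read_header_fields(fixed))
```

The section raw/virtual equalisation is what makes a straight memory dump loadable at all; without it the loader maps the file using the on-disk offsets the packer left behind. The IAT walk assumes the packer has already restored real API pointers (which is why the post says to break only after the IAT-writing instruction has run) and that you know the loaded DLLs' address ranges from the debugger's module list.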