Hi,
Target: Tsunami MPEG DVD Author PRO 2.1.5.77
hxxp://download1.pegasys-inc.com/download_files/TDAP-retail-2.1.5.77-en.exe
This tool is coded in Delphi and seems to be protected by some custom packer.
Sections:
CODE
DATA
BSS
.idata
.tls
.rdata
.reloc
.rsrc
PEGASYS0
PEGASYS1
PEGASYS2
011AF000 - 011B090B (PEGASYS2) Some Unpacking routines, no anti-debugging
011A1001 (PEGASYS0) Here I begin to lose track, IDA gets fooled and OllyDbg can't analyse it
Code:
011A1001 90 NOP
011A1002 60 PUSHAD
011A1003 E8 03000000 CALL DVDAutho.011A100B
011A1008 -E9 EB045D45 JMP 467714F8
011A100D 55 PUSH EBP
011A100E C3 RETN
011A100F E8 01000000 CALL DVDAutho.011A1015
011A1014 EB 5D JMP SHORT DVDAutho.011A1073
011A1016 BB ECFFFFFF MOV EBX,-14
After unpacking the CODE section, the program creates a thread with a simple anti-debugging loop (Thread-Proc: 004E1390),
but I can't spot the OEP.
Can anyone help me please?
Greetz,
Cobi