#1
How to develop an unpacker - The StarForce case
Very cool presentation, published on the 7th April 2017 by Eloi Vanderbeken at the Sthack security conference in Bordeaux, about unpacking StarForce:
http://www.synacktiv.ninja/ressource..._synacktiv.pdf
This unpacker is based on DLL injection and takes care of recovering the OEP, API redirection, stolen bytes, debugger detection and hide from debugger routines.
#2
was more StarForce ProActive (which is weak as hell) as opposed to the real (disk) one so a bit 'meh'.. and in all his 'research' how come he didn't notice the flaw in StarForce's API 'rewrite' code where if you detoured all the exported functions to ff 25 xx xx xx xx ones it copied them verbatim, thus making the API resolution very very simple... and this information was known in 2003 or so when I found it...
#3
not everybody has friends in the scene