Posted by Benten, 11-04-2017, 06:24
Hey guys,

We had a hell of a party yesterday.

OK, back to business. I believe the reason Scylla won't find useful imports is that there is a memory bridge, and the IAT needs to be rebuilt manually.

At the OEP there are no more splice jmps, only seemingly innocent API calls, like the one below:

[Image: At the OEP]

Now, if we follow the first call to GetModuleHandleA, we land at the bridge:

[Image: The Infamous Bridge]

Now, if you follow the first long jmp, we land here:

[Image: The thing I believe is an emulation]

That's where I am right now. This is discussed in the AndreaGeddon PDF, which I uploaded a while ago.

We get a description of how to defeat this, and a program too, but the calls we saw are a new thing, I guess.

[Image: AndreaGeddon IAT Rebuilding]

Maybe this is where I should stop (a newbie's definitely not going to make it), but I am definitely going to try.

Also, I am trying to replace the ECDSA parameters to register this app and then dump it, like Mr. Exodia told me to do, but that takes a lot of learning as well.

OK guys, our FAQ link is down; if the admins see this, please fix it. Also, can we have a shoutbox too? It's really cool to have one. And a signature too; I mean, I have to edit and add that respect line every time I post.

Last edited by Benten; 11-04-2017 at 06:44. Reason: Respects to Mr. Exodia & Mr. SmilingWolf
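The post above describes why an automatic import scanner stops short: the call at the OEP does not point at the API but at a bridge stub, and the stub has to be followed (or emulated) until it lands in a system module before the real address is known and the IAT can be rebuilt. The following script is an added example written for this page, not code from Benten, the AndreaGeddon paper or any tool named in the thread. Everything in it is constructed: the image base and layout, the two bridge stubs (a jmp into an xor-decode-then-jmp-eax sequence, and a push/ret), the export addresses and the free area used for the new table are all made up, and the emulator decodes only the handful of 32-bit x86 constructs the toy needs. It shows the three steps a manual rebuild consists of: trace each bridge to the address it finally transfers to, map that address to an export, and write a fresh table plus patch each call site back to `call dword ptr [slot]`.

```python
"""
Tracing API "bridges" and rebuilding an IAT by hand (32-bit x86).
Added example, not code from the original post. All addresses, stubs and
export values below are constructed for the demonstration.
"""
import struct

IMAGE_BASE = 0x00400000        # constructed image layout
IMAGE_SIZE = 0x3000
OEP        = 0x00401000        # two redirected API calls live here
BRIDGE_A   = 0x00401200        # jmp -> mov eax,enc / xor eax,key / jmp eax
BRIDGE_A2  = 0x00401300
BRIDGE_B   = 0x00401400        # push imm32 / ret
NEW_IAT    = 0x00402000        # constructed free area for the rebuilt table

# Constructed export map; a real script builds this from the loaded modules.
EXPORTS = {
    0x7C80B741: "kernel32.GetModuleHandleA",
    0x7C80AE30: "kernel32.GetProcAddress",
}

def rel32(src, dst, insn_len=5):
    """Displacement for a 5-byte E8/E9 at src that reaches dst."""
    return struct.pack("<i", dst - (src + insn_len))

def build_image():
    """Constructed memory image: the packer replaced each 6-byte
    'call dword ptr [iat]' with 'call bridge' (5 bytes) plus one junk byte,
    so the rebuilt call fits back into the same six bytes."""
    mem = bytearray(IMAGE_SIZE)
    def put(addr, data):
        mem[addr - IMAGE_BASE:addr - IMAGE_BASE + len(data)] = data
    put(OEP,     b"\xE8" + rel32(OEP, BRIDGE_A) + b"\x90")
    put(OEP + 6, b"\xE8" + rel32(OEP + 6, BRIDGE_B) + b"\x90")
    key = 0xDEADBEEF
    put(BRIDGE_A,  b"\xE9" + rel32(BRIDGE_A, BRIDGE_A2))
    put(BRIDGE_A2, b"\xB8" + struct.pack("<I", 0x7C80B741 ^ key)  # mov eax, enc
                 + b"\x35" + struct.pack("<I", key)                # xor eax, key
                 + b"\xFF\xE0")                                    # jmp eax
    put(BRIDGE_B, b"\x68" + struct.pack("<I", 0x7C80AE30) + b"\xC3")  # push/ret
    return mem

def in_image(addr):
    return IMAGE_BASE <= addr < IMAGE_BASE + IMAGE_SIZE

def trace_bridge(mem, pc, max_steps=64):
    """Emulate a bridge until control leaves the image; that address is the
    real API. Only the constructs used by this toy are decoded."""
    eax, stack = 0, []
    for _ in range(max_steps):
        if not in_image(pc):
            return pc
        off = pc - IMAGE_BASE
        op = mem[off]
        imm = lambda fmt: struct.unpack_from(fmt, mem, off + 1)[0]
        if op == 0xE9:                              # jmp rel32
            pc += 5 + imm("<i")
        elif op == 0xFF and mem[off + 1] == 0x25:   # jmp dword ptr [abs32]
            ptr = struct.unpack_from("<I", mem, off + 2)[0]
            if not in_image(ptr):
                raise ValueError(f"pointer {ptr:#x} outside image")
            pc = struct.unpack_from("<I", mem, ptr - IMAGE_BASE)[0]
        elif op == 0xFF and mem[off + 1] == 0xE0:   # jmp eax
            pc = eax
        elif op == 0x68:                            # push imm32
            stack.append(imm("<I")); pc += 5
        elif op == 0xC3:                            # ret: pops pushed target
            if not stack:
                raise ValueError(f"ret with empty stack at {pc:#x}")
            pc = stack.pop()
        elif op == 0xB8:                            # mov eax, imm32
            eax = imm("<I"); pc += 5
        elif op == 0x35:                            # xor eax, imm32
            eax ^= imm("<I"); pc += 5
        elif op == 0x90:                            # nop padding
            pc += 1
        else:
            raise ValueError(f"unhandled opcode {op:#04x} at {pc:#x}")
    raise RuntimeError(f"bridge at {pc:#x} did not terminate")

def rebuild_iat(mem, code_start, code_len):
    """Find 'call rel32' into the image, trace each bridge, give every distinct
    API a slot in NEW_IAT and rewrite the call as 'call dword ptr [slot]'.
    Byte scanning stands in for a proper disassembler here."""
    table, slots = [], {}
    pc, end = code_start, code_start + code_len
    while pc < end:
        off = pc - IMAGE_BASE
        if mem[off] != 0xE8:
            pc += 1
            continue
        target = pc + 5 + struct.unpack_from("<i", mem, off + 1)[0]
        if not in_image(target):
            pc += 1
            continue
        api = trace_bridge(mem, target)
        name = EXPORTS.get(api)
        if name is None:
            raise ValueError(f"{api:#x} is not a known export")
        if api not in slots:
            slots[api] = NEW_IAT + 4 * len(slots)
            struct.pack_into("<I", mem, slots[api] - IMAGE_BASE, api)
        mem[off:off + 6] = b"\xFF\x15" + struct.pack("<I", slots[api])
        table.append((pc, slots[api], name))
        pc += 6
    return table

if __name__ == "__main__":
    img = build_image()
    for site, slot, name in rebuild_iat(img, OEP, 12):
        print(f"{site:#010x}: call dword ptr [{slot:#010x}]  ; {name}")
```

Two caveats when carrying this over to a real dump: the emulator above only knows the opcodes in the constructed stubs, so a real bridge needs either a full emulator or a debugger breakpoint on the first instruction outside the image; and the 6-byte rewrite only works because the packer left the original call length intact, so check the bytes after each `call rel32` before overwriting them.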