|
Thats interesting case...
original IDR64 repo contains only syskb2012/13/14.bin files
I guess these were produced from corresponding 64 bit Delphi
but taking into account that 32 bit *.bin packages also works... it sounds very suspicious,
do you think that 32 bit code from 32 bit Delphi would have the same patterns as in 64 bit? Do you see any system modules APIs detected by reusing it from 32 bit IDR?
Just thoughts aloud
|