Quote:
Originally Posted by least
One interesting idea from one crackme I've heard of is this - it used SEH with a single-step exception; executed one instruction, overwrote the place with another one, executed it, then overwrote it with a third,... quite messy to debug I think. There are unlimited possibilities...
Hardly a new idea.. (I remember Rob Northen Copylock on Amiga used that, back in 1990 or maybe even earlier)
Getting around that isn't that hard either.. i.e. if you patch the decryption routine to store the unencrypted code copy somewhere else and then dump it to have a look at it (or use a tracer that can trace through it).