|
To make the process run in one single Olly process you set a BP on all calls to OpenMutexA. There will be 2 of them when you break on the Call you will see a JNZ or some sort of conditional jump below the call. Reverse the conditional jump and run the program again. Do the same for the 2nd OpenMutexA call. But before pressing RUN while at that BP set your breakpoint on CreateThread and continue unpacking.
Usually the only problem you will face is if it is using nanomites. Then you will get INT3 violations using this trick.
__________________
-=RETIRED=--=http://cracking.accessroot.com=--=RETIRED=-
|