  #66  
02-12-2014, 19:27
ahmadmansoor
I know this is not a good idea, or a stupid idea, but for an unpacker, when he works on unpacking he can do this:
Quote:
when load apphelp.dll
search for
8B 4D 10 89 08 C7 45 E4 01 00 00 00 C7 45 FC FE FF FF FF 8B 45 E4
search for
75C63011 . 8B4D 10 mov ecx, dword ptr [ebp+0x10]
75C63014 8908 mov dword ptr [eax], ecx >>>> nop this
75C63016 . C745 E4 01000000 mov dword ptr [ebp-0x1C], 0x1
75C6301D > C745 FC FEFFFFFF mov dword ptr [ebp-0x4], -0x2
75C63024 . 8B45 E4 mov eax, dword ptr [ebp-0x1C]
and done. So no need to fix this.
__________________
Ur Best Friend Ahmadmansoor
Always My Best Friend: Aaron & JMI & ZeNiX