Thread: x64dbg - Find OEP by section hop
View Single Post
  #4  
Old 01-17-2018, 02:08
mr.exodia mr.exodia is offline
Retired Moderator
  
Join Date: Nov 2011
Posts: 784
Rept. Given: 492
Rept. Rcvd 1,122 Times in 305 Posts
Thanks Given: 90
Thanks Rcvd at 711 Times in 333 Posts
mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299
From what I gathered the "Find OEP by section hop" (over/into) are equivalent to tracing over/into with the break condition: "mem.base(cip) != xxxxxxxx" where xxxxxxxx is the memory base of the current section (type mem.base(cip) in the calculator to find this value).
Reply With Quote
The Following 2 Users Say Thank You to mr.exodia For This Useful Post:
schrodyn (01-22-2018), Stingered (01-17-2018)