Exetools  

09-20-2004, 15:33
hosiminh
Manual unpacking ESP hardware breakpoint

Hello

I have noticed that in many tutorials about MUP (manual unpacking) with OllyDbg people use this method: press F7 until you see that the ESP register has changed (become red), then right-click on ESP and choose Follow in Dump -> then select some bytes and put Breakpoint -> Hardware, on Access -> Word, then press F9 (x times) and you are at the OEP (original entry point).
This technique can be used with y0da's Crypter 1.x, Aspack 2.xx, Virogen Crypt ... but not with Asprotect, Armadillo, SVKP.


I am asking if anyone knows why to put a bp here on ESP (I know that means "Extended Stack Pointer"); what exactly happens by putting a bp on ESP?