#27
Hey guys,
We had a hell of a party yesterday. OK, back to business. I believe the reason Scylla won't find useful imports is because there is a memory bridge and the IT needs to be rebuilt manually.

Code:
At the OEP there are no more splices jmp, and the seemingly innocent API calls, like the one below:

[Image: At the OEP]

Now if we follow the first call to GetModuleHandleA, we land at the bridge:

[Image: The Infamous Bridge]

Now if you follow the first long Jmp we land here:

The thing I believe is an Emulation.

Code:
We get a description on how to defeat this and a program too, but the calls we saw are a new thing I guess: AndreaGeddon IAT Rebuilding

Also I am trying to replace the ECDSA parameters to register this app and then dump it, like Mr. Exodia told me to do, but that takes a lot of learning as well.

OK guys, our FAQ link's down; if admin guys see this, please fix it. Also, can we have a shout box too? It's really cool to have one. And a signature too, I mean I have to edit and add that respect line every time I post.

Last edited by Benten; 11-04-2017 at 06:44. Reason: Respects to Mr. Exodia & Mr. SmilingWolf
Tags: armadillo, armadillo unpacking, import elimination, tutorial request