Exetools  

Go Back   Exetools > General > General Discussion
Reload this Page WinCE dll unpacking
Register Forum Rules FAQ Calendar

Notices

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #1  
Old 01-15-2018, 22:49
leader leader is offline
Friend
  
Join Date: Oct 2017
Posts: 10
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 15
Thanks Rcvd at 3 Times in 2 Posts
leader Reputation: 0
WinCE dll unpacking
Hi,

I have a packed dll for WinCE and I wan't to analyse it.
Unfortunately I can not identify what protector is used.
It seems that the dll is unpack himself in the memory during runtime.
There is only 5 functions who does the unpacking/decompressing, so I decide to make a static unpacker for it.

I have a problem to analyse 2 short functions, and I don't know how to handle them:

Quote:
int __fastcall nullsub_1(int a1, int a2)
{
int (__fastcall *v2)(int, int); // r10

return v2(a1, a2);
}
Quote:
int __fastcall sub_10009F7E(int a1, int a2)
{
int (__fastcall *v2)(int, int); // r11

return v2(a1, a2);
}
Both functions are similar, and just calls another functions from memory with the arguments passed. The problem is that the functions pointer is never set, so I don't know what fucntions will be called. (v2 (r10 and r11) never assigned in the dll)

Maybe somebody can give me some tips how to handle this calls?

Regards,
leader
Reply With Quote
 

Tags
wince dll unpack

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
WinCE Floating-Point operators - HELP leader General Discussion 0 01-31-2018 03:18


All times are GMT +8. The time now is 22:41.

Aaron's homepage - Top

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( Since 1998 )