|
|
#2
04-05-2004, 16:31
|
|||
|
|||
|
Has it occurred to you to try to determine just what the heck these "17 pointers" are pointing to? They point to something, don't they?? Why not check them out.
If you ever want to learn manual unpacking, you eventually need to stop depending on ready made tools and actually learn how to trace an import table jump and learn what it is supposed to do and what the ones in your target are actually doing. You said you have protected "one of your own apps" with the protector. Has it occurred to you to "compare" the import table of the app "without" the protector to what it looks like "with" the protector????? Doesn't that seem like a good place to start???? Afterall, they have to have the "same" calls to the API's as the original and, if there are some extra, you would even know where they came from. Regards,
__________________
JMI 
|
| Thread Tools | |
| Display Modes | |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| svkp | infern0 | General Discussion | 3 | 06-05-2011 18:34 |
| Import Rebuilding Without Import Table | Kerlingen | General Discussion | 11 | 01-13-2005 10:24 |
| The new svkp 143 | britedream | General Discussion | 3 | 09-19-2004 22:22 |
Threaded Mode