Exetools  

Go Back   Exetools > General > General Discussion
Reload this Page how unpack this -> EXECryptor
Register Forum Rules FAQ Calendar Mark Forums Read

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 08-10-2005, 14:57
Relayer
 
Posts: n/a
But EXECryptor still not cracked )
Reply With Quote
  #2  
Old 08-10-2005, 22:36
Lunar_Dust
 
Posts: n/a
Question about the morphing, does it really matter?

Can you just make a DLL to inject which will scan the whole code section and dump it in 0x1000 blocks like how Arma can be attacked? Does the morphed code depend on the protector (like CALL instructions into protector code for example)

BTW I like those idea about patching CreateFile, but really you can debug CreateFile and do the same thing.

Really remember a debugger can use other things as breakpoints other than 0xCC. I have custom unpacker debugger code that uses other types of exceptions as its breakpoints...when exception comes thru it checks its internal table to see if it belongs to the debugger or not Perhaps this could be a improvement for Olly in the future, to allow the user to set custom exception breakpoints. Really in ring3 a debugger ownz azz over any program it just has to hide itself well and it can do this by debugging/emulating the instructions that the protector tries to use for detection.

-Lunar
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Hybrid Mode Hybrid Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
EXECryptor omega_red General Discussion 12 11-02-2005 08:34


All times are GMT +8. The time now is 22:33.

Aaron's homepage - Top

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( Since 1998 )