|
|
#2
01-21-2005, 23:39
|
|||
|
|||
|
Hi,
I tried to do that for long time and now I believe that it's really impossible. The problem is that Safedisc modifies some bytes of the original program (let's call them stolen bytes) with instructions as int3, ud2, sgdt xxx, etc... and it needs to correct them at runtime, doing some kind of "debugging". When you load the program in Olly, Safecast fails to start this process and hangs on a WaitForSingleObject. If you change the value that is pushed before this call, with one of an existing object, you will be able to continue your stepping, to reach the OEP and to dump the full unpacked original program. In this way you can rebuild completely the IAT with Olly, but for recovering the stolen bytes you still need to use SoftIce and step into the routine that patch them. That was my experience... Regards, SystemeD 
|
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Debug drivers -OllyDBG?SoftICE? | winndy | General Discussion | 6 | 12-15-2005 22:09 |
| OllyDbg long process Module debug Vulnerability | elephant | General Discussion | 1 | 04-04-2005 21:49 |
| Safedisc 3.0 | gunterg | General Discussion | 4 | 09-23-2004 16:45 |
Threaded Mode