|
|
#16
10-28-2003, 15:56
|
|||
|
|||
|
so you have to wrote some kind of debugger, start app via createprocess and then in loop do WaitForDebugEvent, after start you can set bp at code location where loader writes unpacked section of code to memory, look if written unpacked code is what you are waiting for and if it is, you can patch code in memory, unset bp and let your app run.
maybe this helps 
|
|
#17
10-28-2003, 22:12
|
|||
|
|||
|
xobor it helps ... but that "look if written unpacked code is what you are waiting for" is kind of frightening.
 yaa
|
|
#18
10-29-2003, 14:48
|
|||
|
|||
|
hehe sorry for my ?English?
I mean that if you know you want to change e.g. 3B46FA7403 to 8B46FAEB03 you can wait in your debugee code for unpacking to 3B46FA7403 and then change it. I can't  explain it better so if it is not clear enough forget about it.regards
|
|
#19
10-30-2003, 04:00
|
|||
|
|||
|
Clear enough. Thx.
yaa
|
 |
| Thread Tools | |
| Display Modes | |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Usermode APC Injection | WorldCrackersUnited | Source Code | 4 | 06-05-2017 15:42 |
Linear Mode
