#1
Unpacking SdProtector Pro
Did someone try to unpack this little protector:
http://www.sdprotector.com/std_setup.exe

It doesn't seem hard. From what I saw, it uses CreateProcess on itself and then exits? Could someone look over it?

Thanks,
bLaCk-eye
#2
@ bLaCk-eye
Our friend Teerayoot did try to unpack it, but without much success. Here is the discussion on SD: http://forum.accessroot.com/~access/forums/index.php?showtopic=515

Regards,
#3
Quote:
A packer uses CreateProcess on itself to avoid any debugger. It's simple. Armadillo uses it. There is a rule: a process that is being debugged by one program cannot be debugged by another, so it uses CreateProcess to debug itself (well, it uses another method, but it uses CreateProcess to make the first program a child process).

Use BPX CreateProcess, or use the File-Attach handle in Olly, to see that there are 2 different handles for the same filename.

Normally, packers use CreateProcess (Create SUSPEND), then follow with WriteProcessMemory to send code from the parent to its children ;-)

If you want to "detach" a parent process from its child, in the debugger, on any free line of code, use this:

PUSH handle
CALL kernel32.DebugActiveProcessStop

handle = the handle that you get in Olly in File-Attach (use the handle of the child, of course).

[EDIT: JMI: Don't post a "Reply" to your own post. Use the "Edit" button and add it to your previous post.]

Regards
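Added example, not part of the original thread: a small detector for the behaviour described in the post above (a process starting its own image as a child, suspended or under debug, then writing into it with WriteProcessMemory). The trace format, field names and sample lines are constructed for illustration and are not output of any real tool.

```python
import re

# Constructed API-call trace in a hypothetical key=value format (not real tool
# output). Paths contain no spaces, so a simple \S+ value match is enough.
SAMPLE_TRACE = r"""
pid=1204 image=C:\apps\packed.exe api=CreateProcessA target=C:\apps\packed.exe flags=CREATE_SUSPENDED child=1310
pid=1204 image=C:\apps\packed.exe api=WriteProcessMemory child=1310 size=4096
pid=1204 image=C:\apps\packed.exe api=WriteProcessMemory child=1310 size=12288
pid=1204 image=C:\apps\packed.exe api=ResumeThread child=1310
pid=2200 image=C:\tools\build.exe api=CreateProcessA target=C:\tools\cc.exe flags=0 child=2244
pid=2200 image=C:\tools\build.exe api=WriteProcessMemory child=2244 size=512
pid=3100 image=C:\apps\guard.exe api=CreateProcessW target=c:\APPS\guard.exe flags=DEBUG_PROCESS|CREATE_NEW_CONSOLE child=3150
"""

FIELD = re.compile(r"(\w+)=(\S+)")
DEBUG_FLAGS = {"DEBUG_PROCESS", "DEBUG_ONLY_THIS_PROCESS"}


def find_self_spawns(trace):
    """Return one finding per child that a process started from its own image."""
    found = {}  # (parent pid, child pid) -> finding
    for line in trace.splitlines():
        ev = dict(FIELD.findall(line))
        key = (ev.get("pid"), ev.get("child"))
        api = ev.get("api", "")
        if api.startswith("CreateProcess"):
            # Windows paths are case-insensitive, so compare lowercased.
            if ev["image"].lower() != ev["target"].lower():
                continue
            flags = set(ev.get("flags", "").split("|"))
            found[key] = {
                "parent": int(ev["pid"]),
                "child": int(ev["child"]),
                "image": ev["image"],
                "suspended": "CREATE_SUSPENDED" in flags,
                "debugged": bool(flags & DEBUG_FLAGS),
                "bytes_written": 0,
            }
        elif api == "WriteProcessMemory" and key in found:
            # Only writes into a self-spawned child are counted.
            found[key]["bytes_written"] += int(ev["size"])
    return list(found.values())


if __name__ == "__main__":
    for finding in find_self_spawns(SAMPLE_TRACE):
        print(finding)
```

A finding with `suspended` set and a non-zero `bytes_written` matches the suspend-then-write sequence; one with `debugged` set matches the self-debugging variant.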