Thread: Unknown packer
#3
04-09-2018, 06:07 AM
visions_of_eden
Member
Join Date: Nov 2010
Posts: 13

Don't know.
I don't have a lot of experience with packers.
I'm trying to figure out what it's doing.
It surely has code obfuscation, checksums on code, checks for soft breakpoints on the used functions from kernel32 (checking for an INT3 opcode on the first function instruction), and hardware breakpoint detection (using VEH).

The exe starts with some self-modifying code, then maps kernel32 functions, manually resolving them and checking that they have not been hooked and for soft BP presence. Then it decrypts the real exe and jumps to the OEP, but I still have to find a way to stop on the OEP and be able to dump the unencrypted exe.
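The entry-point check the post describes (INT3 on the first instruction, inline jmp hooks) is the same test an analyst runs to find out whether a loaded module has been tampered with. The following is an added example, not code from the post or from the packer: it compares the first bytes of each export in a dumped memory image against the on-disk copy and names the pattern it finds. The images, export names and RVAs are constructed for the example; it assumes the two buffers share the same RVA layout.

```python
# Added example: analyst-side integrity check of exported function entry points.
# Both images, the export table and the RVAs below are constructed for this demo.
import struct

INT3 = 0xCC            # software breakpoint a debugger writes at an entry point
JMP_REL32 = 0xE9       # relative jump, the usual first byte of an inline hook
JMP_IND = b"\xff\x25"  # jmp [mem] / jmp [rip+disp32], another inline-hook form
# Classic hot-patchable x86 Windows prologue: mov edi,edi; push ebp; mov ebp,esp
CLEAN_PROLOGUE = b"\x8b\xff\x55\x8b\xec"


def classify_entry(entry_bytes: bytes, rva: int) -> str:
    """Describe what sits at the first bytes of a function entry."""
    if not entry_bytes:
        return "empty"
    if entry_bytes[0] == INT3:
        return "int3 (software breakpoint)"
    if entry_bytes[0] == JMP_REL32 and len(entry_bytes) >= 5:
        rel = struct.unpack_from("<i", entry_bytes, 1)[0]
        target = (rva + 5 + rel) & 0xFFFFFFFF  # rel32 is relative to the next instruction
        return f"jmp rel32 -> rva 0x{target:x} (inline hook?)"
    if entry_bytes[:2] == JMP_IND:
        return "jmp [mem] (inline hook?)"
    return "clean prologue"


def check_exports(memory_image: bytes, disk_image: bytes, exports: dict,
                  prefix_len: int = 5) -> dict:
    """Compare the entry bytes of each export in memory with the on-disk copy."""
    report = {}
    for name, rva in exports.items():
        mem = memory_image[rva:rva + prefix_len]
        disk = disk_image[rva:rva + prefix_len]
        report[name] = {
            "memory": mem.hex(),
            "disk": disk.hex(),
            "modified": mem != disk,
            "kind": classify_entry(mem, rva),
        }
    return report


def build_constructed_images():
    """Constructed stand-in for a module on disk and its tampered in-memory copy."""
    exports = {"VirtualAlloc": 0x10, "IsDebuggerPresent": 0x40, "GetProcAddress": 0x80}
    disk = bytearray(0x100)
    for rva in exports.values():
        disk[rva:rva + 5] = CLEAN_PROLOGUE
    mem = bytearray(disk)
    mem[0x10] = INT3                       # a software breakpoint left on VirtualAlloc
    rel = 0xC0 - (0x40 + 5)                # jmp from IsDebuggerPresent to a trampoline at 0xC0
    mem[0x40:0x45] = bytes([JMP_REL32]) + struct.pack("<i", rel)
    return bytes(mem), bytes(disk), exports


def demo_report() -> dict:
    mem, disk, exports = build_constructed_images()
    return check_exports(mem, disk, exports)


if __name__ == "__main__":
    for name, entry in demo_report().items():
        flag = "MODIFIED" if entry["modified"] else "ok"
        print(f"{name:20s} {flag:9s} mem={entry['memory']} disk={entry['disk']} {entry['kind']}")
```

Comparing against the on-disk image is what separates a tampering check from a plain byte-pattern scan: a packer that only looks for 0xCC is easy to satisfy, while a diff against the original bytes also catches trampolines and patched prologues. The first five bytes of a normal prologue contain no relocations, so a raw comparison is safe there; a check that covers more of the function must apply the module's relocations to the disk copy first.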