Exetools  

Go Back   Exetools > General > General Discussion
Reload this Page Request for EZCD x86 unpack Tutorial
Register Forum Rules FAQ Calendar

Notices

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #26  
Old 11-03-2017, 03:55
mr.exodia mr.exodia is offline
Retired Moderator
  
Join Date: Nov 2011
Posts: 783
Rept. Given: 490
Rept. Rcvd 1,123 Times in 305 Posts
Thanks Given: 89
Thanks Rcvd at 716 Times in 333 Posts
mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299
I changed "push 100" to "push 0", put a breakpoint on the first occurrence of EB03, run, revert the patch to not trigger crc checks and you get a 'clean' IAT. You still have to move the IAT with a tool like UIF though...

The push 100 is a call that decrypts a buffer I believe, but I didn't look at it for a long time.
The Following User Says Thank You to mr.exodia For This Useful Post:
Benten (11-04-2017)
 

Tags
armadillo, armadillo unpacking, import elimination, tutorial request

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


All times are GMT +8. The time now is 22:26.

Aaron's homepage - Top

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( Since 1998 )