|
|
|
|
#1
09-28-2004, 23:26
|
|||
|
|||
|
NEW APPROACH
You use mi OLD APPROACH of old tutes of armadillo, i have now a new approach completely diferent and work perfect in the last version and all versions old and new jeje.
Ricardo 
|
|
#2
09-29-2004, 10:18
|
|||
|
|||
|
Interesting
Eggi or Ricardo,
Have either of you noticed the following and have insight on it's meaning: 0062EB75 . 51 PUSH ECX 0062EB76 . 0FC9 BSWAP ECX 0062EB78 . F7D1 NOT ECX 0062EB7A . 50 PUSH EAX 0062EB7B . F7D0 NOT EAX 0062EB7D . B8 6D69656C MOV EAX,6C65696D 0062EB82 . 91 XCHG EAX,ECX 0062EB83 . B9 DEC0ADDE MOV ECX,DEADC0DE 0062EB88 . 91 XCHG EAX,ECX 0062EB89 . F7D0 NOT EAX 0062EB8B . 58 POP EAX 0062EB8C . F7D1 NOT ECX 0062EB8E . 59 POP ECX 0062EB8F . 9C PUSHFD 0062EB90 . 60 PUSHAD 0062EB91 . 33DB XOR EBX,EBX 0062EB93 . 74 03 JE SHORT mytarget.0062EB98 What's the significance at location 62EB83 which caught my eye but haven't dug any deeper when I was searching and trying to figure out the nanos on this one. Since I did a search for this same data throughout the source I found the same section of code duplicated many times throughout and deduced that it is part of obfuscation. Wackyass Last edited by Wackyass; 09-29-2004 at 10:28.
|
 |
| Thread Tools | |
| Display Modes | |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Armadillo DLL unpacking | SvensK | General Discussion | 6 | 11-18-2005 04:24 |
Hybrid Mode
