Exetools  

Go Back   Exetools > General > General Discussion
Reload this Page private exe protector unpacking?
Register Forum Rules FAQ Calendar

Notices

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #28  
Old 03-04-2020, 15:42
0xall0c 0xall0c is offline
Friend
  
Join Date: Mar 2018
Posts: 70
Rept. Given: 0
Rept. Rcvd 4 Times in 3 Posts
Thanks Given: 28
Thanks Rcvd at 68 Times in 36 Posts
0xall0c Reputation: 4
so i think this is doing something like xoring the first byte at that address where the exception is occuring, and as because registration is bypassed by xoring but our licence is still invalid so i get exception?

also this is wrapped by a loop and later one more loop to decrypt another function!!
dont know how i can validate the licence keys!

here:

Code:
push ebx
mov ebx,dword ptr ds:[eax]
xor ebx,dword ptr ds:[edx]
mov dword ptr ds:[ecx],ebx
mov ebx,dword ptr ds:[eax+4]
xor ebx,dword ptr ds:[edx+4]
mov dword ptr ds:[ecx+4],ebx
mov ebx,dword ptr ds:[eax+8]
xor ebx,dword ptr ds:[edx+8]
mov dword ptr ds:[ecx+8],ebx
mov eax,dword ptr ds:[eax+C]
xor eax,dword ptr ds:[edx+C]
mov dword ptr ds:[ecx+C],eax
pop ebx
ret
Last edited by 0xall0c; 03-04-2020 at 15:51. Reason: added more info
Reply With Quote
 

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


All times are GMT +8. The time now is 01:12.

Aaron's homepage - Top

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( Since 1998 )