Don't know .
I don't have lot of experience with packer .
I'm trying to figure out what it's doing .
Surely has code obfuscation , checksums on code ,check for soft break on used functions from kernel32 (checking INT3 opcode on first function instruction) , hardware break detection (using VEH).
Exe starts with some selft modofy code, then maps kernel32 functions manually resolving them and checking they are not been hooked and for soft Bp presence . Then decrypts real exe and jumps to OEP , but i still have to find a way to stop on OEP and be able to dump unencrypted exe .
|