Made some progress. Finally was able to find OEP and dump unencrypted code , but some problems remains .
For example , all calls to external DLLs are made with a proxy at Runtime , so for now i have no way to statically analyze it since when i dump the exe i lose memory map where those calls are made .
Any idea on how to fix it ?
|