#1
02-09-2006, 09:11 PM
fatman
Junior Member
Join Date: Jan 2006
Posts: 1

Hi all
Because one picture is worth a thousand words, I have attached a small file

to show you 2 different cases with unpacking arms where I could not locate OEP...


[attachmentid=20]
#2
02-10-2006, 03:56 PM
AndreaGeddon
Administrator
Join Date: Dec 2002
Location: Italy
Posts: 42

Quote:
Originally posted by fatman@Feb 10 2006, 01:11 AM
Hi all
Because one picture is worth a thousand words, I have attached a small file

to show you 2 different cases with unpacking arms where I could not locate OEP...
[attachmentid=20]

Armadillo uses 2 processes, so if you are running the parent process you are never executing the real OEP. You can find it by analyzing the debug loop, or the child itself.
You should try to analyze the code; there is no point in following instructions like "break on this", "look for call edi" or whatever.
Bye
AndreaGeddon