LiSa
April 14th, 2008, 13:58
Hi,
I started to unpack a prog protected with custom arma. Using arma detach with debugblocker, I traced and patched sun to accept fingerprint (code different than v4 and v5) and it ran OK. Then, I started as usual another session and used CreateThread to fish OEP and copy fresh IAT, fine...
Trouble came when I started to fight the copymem protection to dump the unencrypted program with nanos and faked IAT to repair: armadetach can't detach (doesn't find cryptocall..), my old breakpoints on VirtualAlloc or OutputDebugStringA are detected (even with defixed options turned on). Has anyone experienced such behavior?
Are breaks on CreateMutex the only way to go?
Best regards
L!sa