fira
March 4th, 2004, 09:10
Hi,
Just ran into something packed with y0da's crypter1.x/modified (according to petools and others), anyone seen something like this ?
Anyway, the thing is: i broke with sice with int3 on the packed program and there were some tricky jmps like this:
00569086 jmp 00569089
00569088 jmp FA189278
..............
so it jumps somewhere in between altering the subsequent instructions.(the jmp FA189278 changes in a jmp to another location). Now, I *know* I've seen a thread on this forum discussing this but I can't find it anymore, can anyone direct me to it ?
thanks a lot!
Just ran into something packed with y0da's crypter1.x/modified (according to petools and others), anyone seen something like this ?
Anyway, the thing is: i broke with sice with int3 on the packed program and there were some tricky jmps like this:
00569086 jmp 00569089
00569088 jmp FA189278
..............
so it jumps somewhere in between altering the subsequent instructions.(the jmp FA189278 changes in a jmp to another location). Now, I *know* I've seen a thread on this forum discussing this but I can't find it anymore, can anyone direct me to it ?
thanks a lot!