View Full Version : need Help (createProcess)


shaddar
March 5th, 2004, 16:48
hi there,

ok i'm currently trying to unpack a target which is somehow protecting itself by starting its main .exe again (createProcess) but with additional parameters.

now my question is, how can i follow that createProcess call in ollydbg? i'm already debugging the .exe but it doesn't break on the oep (because it's a different process i guess). is that even possible with ollydbg? i hope so

thx in advance

shaddar
March 5th, 2004, 17:07
sorry, i already figured it out i think
ebfe on OEP and attaching another ollydbg instance works for me

nikolatesla20
March 6th, 2004, 02:56
What protection is this? It sounds like possibly SoftDefender.

johndoe1
March 6th, 2004, 09:26
Quote:
[Originally Posted by shaddar]sorry, i already figured it out i think
ebfe on OEP and attaching another ollydbg instance works for me


ebfe on OEP ????

shaddar
March 6th, 2004, 09:45
Quote:
[Originally Posted by johndoe1]ebfe on OEP ????


yup that worked but the .exe is reporting a virus if u don't hard-change it back on the 2nd run.

@nikolatesla20:
it's VOB ProtectCD. Version 5 i guess. too hard for me anyways

johndoe1
March 6th, 2004, 10:03
Quote:
[Originally Posted by shaddar]yup that worked but the .exe is reporting a virus if u don't hard-change it back on the 2nd run.

@nikolatesla20:
it's VOB ProtectCD. Version 5 i guess. too hard for me anyways


what the hell is ebfe ?????

shaddar
March 6th, 2004, 10:15
Quote:
[Originally Posted by johndoe1]what the hell is ebfe ?????


ebfe is the opcode for "jmp eip" (which will let the program run in a loop forever)
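
Added example, not part of the original thread: a small decoder showing why the bytes EB FE spin in place. EB is the x86 short JMP with a signed 8-bit displacement measured from the next instruction, so 0xFE (-2) lands back on the jump itself; the E9 rel32 form is handled as a generalization, and the address 0x00401000 is a constructed sample.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Decode an unconditional relative x86 JMP at code[0].
 * EB cb = JMP rel8 (2 bytes), E9 cd = JMP rel32 (5 bytes, 32-bit mode).
 * The displacement is signed and relative to the address of the NEXT
 * instruction. Returns the instruction length, or 0 if the bytes are not
 * one of these jumps or the buffer is too short. */
size_t decode_jmp(const uint8_t *code, size_t len, uint32_t addr, uint32_t *target)
{
    if (len >= 2 && code[0] == 0xEB) {
        int8_t rel = (int8_t)code[1];               /* 0xFE -> -2 */
        *target = addr + 2 + (uint32_t)(int32_t)rel;
        return 2;
    }
    if (len >= 5 && code[0] == 0xE9) {
        uint32_t rel = (uint32_t)code[1] | (uint32_t)code[2] << 8 |
                       (uint32_t)code[3] << 16 | (uint32_t)code[4] << 24;
        *target = addr + 5 + rel;                   /* wraps modulo 2^32 */
        return 5;
    }
    return 0;
}

/* 1 if the instruction at addr jumps to its own address (spins forever). */
int is_self_loop(const uint8_t *code, size_t len, uint32_t addr)
{
    uint32_t target;
    return decode_jmp(code, len, addr, &target) != 0 && target == addr;
}

int main(void)
{
    const uint32_t addr = 0x00401000;           /* constructed sample address */
    const uint8_t ebfe[] = { 0xEB, 0xFE };      /* the two bytes from the thread */
    uint32_t target = 0;

    decode_jmp(ebfe, sizeof ebfe, addr, &target);
    printf("EB FE at %08X -> target %08X, self-loop=%d\n",
           (unsigned)addr, (unsigned)target,
           is_self_loop(ebfe, sizeof ebfe, addr));
    return 0;
}
```

The check decodes at a known instruction address rather than scanning for the byte pair, since EB FE can also occur inside the operands of unrelated instructions.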