View Full Version : sometimes it is hard to locate OEP


fatman
02-09-2006, 09:11 PM
Hi all
Because one picture is worth a thousand words, I have attached a small file to show you 2 different cases with unpacking arms where I could not locate OEP...


[attachmentid=20]

AndreaGeddon
02-10-2006, 03:56 PM
Originally posted by fatman@Feb 10 2006, 01:11 AM
Hi all
Because one picture is worth a thousand words, I have attached a small file to show you 2 different cases with unpacking arms where I could not locate OEP...
[attachmentid=20]


Armadillo uses 2 processes, so if you are running the parent process you are never executing the real OEP. You can find it by analyzing the debug loop, or the child itself.
You should try to analyze the code; there is no point in following instructions like "break on this", "look for call edi" or whatever :)
Bye
AndreaGeddon