Tuts 4 You

[unpackme] Pespin 1.32


Posted

Its DebugBlocker setup is very interesting. It has its own nanomites, lea eax, eax. It's in compare jmps, 2 bytes, and when the exception occurs the parent process determines whether the jump would have been made, then sets the eip accordingly. I am not sure how to repair it yet, need to study it a little more. The rest is pretty easy, but the debugger blocker is a nuisance that must be killed.
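Added example, not part of the original post and not PESpin's own code: a C model of the parent-side decision described above, for analysts reading such a handler. The `struct nanomite` record, the assumption that each marker replaces a 2-byte short conditional jump, and the function names are hypothetical; the x86 facts used (`lea` with a register source, bytes 8D C0 for `lea eax, eax`, is an undefined encoding, and the Jcc condition table) are standard.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

enum { F_CF = 0x001, F_PF = 0x004, F_ZF = 0x040, F_SF = 0x080, F_OF = 0x800 };

/* lea with a register source (opcode 8D, ModRM mod == 11b) is undefined and
   faults with #UD; "lea eax, eax" encodes as 8D C0. */
bool is_lea_reg_marker(const uint8_t *p) {
    return p[0] == 0x8D && (p[1] & 0xC0) == 0xC0;
}

/* x86 condition code (low nibble of Jcc opcodes 70..7F) evaluated on EFLAGS. */
bool jcc_taken(uint8_t cc, uint32_t eflags) {
    bool cf = eflags & F_CF, pf = eflags & F_PF, zf = eflags & F_ZF;
    bool sf = eflags & F_SF, of = eflags & F_OF, r;
    switch ((cc & 0x0F) >> 1) {
    case 0: r = of; break;                  /* JO  / JNO */
    case 1: r = cf; break;                  /* JB  / JAE */
    case 2: r = zf; break;                  /* JE  / JNE */
    case 3: r = cf || zf; break;            /* JBE / JA  */
    case 4: r = sf; break;                  /* JS  / JNS */
    case 5: r = pf; break;                  /* JP  / JNP */
    case 6: r = sf != of; break;            /* JL  / JGE */
    default: r = zf || (sf != of); break;   /* JLE / JG  */
    }
    return (cc & 1) ? !r : r;               /* odd codes negate the condition */
}

/* Hypothetical table entry: the condition and displacement of the short Jcc
   that the marker replaced (layout assumed for illustration). */
struct nanomite { uint8_t cc; int8_t rel8; };

/* EIP the parent would write back into the child's thread context:
   fall through past the 2-byte marker, or add the displacement if taken.
   Returns 0 when the faulting bytes are not a marker. */
uint32_t resume_eip(const uint8_t *insn, uint32_t fault_eip,
                    struct nanomite n, uint32_t eflags) {
    if (!is_lea_reg_marker(insn)) return 0;
    uint32_t next = fault_eip + 2;
    return jcc_taken(n.cc, eflags) ? next + (uint32_t)(int32_t)n.rel8 : next;
}

int main(void) {
    const uint8_t marker[2] = {0x8D, 0xC0};  /* constructed sample bytes */
    struct nanomite je = {0x4, 0x10};        /* constructed: JE +0x10 */
    /* EFLAGS 0x246 (ZF and PF set), as left by "cmp eax, eax" */
    printf("resume at %#x\n", (unsigned)resume_eip(marker, 0x401000, je, 0x246));
    return 0;
}
```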

Posted

As you will see, not only jumps are "calculated" by the second process ;) I think it's quite a nice, solid feature.

Posted

Well, I got all the protections unpacked by themselves, even for some reason found the crc calculation and patched it -_-. As for doing all protection at once, I am going to say screw it, at least for a couple weeks, I want to see some straightforward code now. Maybe I will just sit and stare at some upx code, :lol:

  • 3 weeks later...
Posted

shoo in forum japanese, was unpacked the pespin 1.32 the principal packer..(maybe that are debug blocked?)
