Posted March 10, 200817 yr PeSpin 1.32 Nice to see PeSpin being updated again... http://tuts4you.com/download.php?view.2183 Ted.
March 10, 200817 yr Its DebugBlocker setup is very interesting. Its has its own nanomites, lea eax, eax. Its in compare jmps, 2 bytes, and when the exception occurs the parent process determines whether the jump would have been made, then sets the eip accordingly. I am not sure how to repair it yet, need to study it a little more. The rest is pretty easy, but the debugger blocker is a nuisance that must be killed.
March 12, 200817 yr as you will see not only jumps are "calculated" by second process;) I think it's quite nice, solid feature
March 12, 200817 yr Well I got all the protections unpacked by themselves, even for some reason found the crc calculation and patched it . As for doing all protection at once, I am going to say screw it, at least for a couple weeks, I want to see some straight forward code now. Maybe I will just sit and stare at some upx code,
March 31, 200817 yr shoo in forum japanese, was unpacked the pespin 1.32 the principal packer..(maybe that are debug blocked?)
Create an account or sign in to comment