Quote:
Originally Posted by mr.exodia
I just put myself through watching (part of) that tutorial (christ hearing my own 15 y/o voice was cringy) and I indeed mentioned both IAT elimination and redirection there in the same sentence. Had absolutely no clue what I was doing, but I probably meant to say that VirtualProtect is called to allow the code to be changed for import redirection (since it redirects to a random page it has to rewrite every absolute reference to the IAT).
As for bad tutorials, at the time I thought I was improving upon existing tutorials which was obviously not the case  perhaps it would be a good idea to set up some wiki somewhere so everybody can contribute and improve? |
Mr. Exodia, that was the nicest thing I've ever came across in my whole life. Now your place in my heart got even higher. Your tutorials, and the work you've done is so inspiring that I got into this unpacking thing. Now the way you commented above simply shows the world how better a person you are.
God Bless you. And thank you for not taking any offense.
As far as EZCD is concerned, I can't do it. I did some in lining and stuff but that didn't worked out so well for me. I've tried it for 2 days no sleep, now I look like a bloody mess. Also I believe that the EZCD is using ENHWID, cause I followed the Security.dll and found the below.
I tried your tut below, but with windows 10 & x64Dbg the certificates are loaded after LocalAlloc, I believe. So I am unable to put a memory break just like you've done it. so that's also struck.