Thread: Code Injection
10-27-2003, 15:57
[NtSC]
 
Hummm--

*** I'd love to understand how in general it is possible (if it is indeed possible) to stop an application as soon as it has been completely unpacked.
Could placing a breakpoint on the statement just before the OEP be a good general solution? ***

Yes... You could code an R3 tool that loads the app.. Then you have to search for signatures you can set breakpoints on, and work your way down these locations until you catch a point where the application is unpacked.

Placing a breakpoint on the statement before the real OEP is indeed the way to go..

Else you could hook some API that gets called before the real OEP is executed...

As I already told Radier before, play with some examples..
It's not as much voodoo as you think it is ;-)