09-20-2004, 15:33
hosiminh
Manual unpacking ESP hardware breakpoint

Hello

I have noticed that in many tutorials about MUP (manual unpacking) with OllyDbg, people use this method: press F7 until you see that the ESP register has changed (become red), then right-click on ESP and choose Follow in Dump, then select some bytes and put Breakpoint -> Hardware, on access -> Word, then press F9 (x times) and you are at the OEP (original entry point).
This technique can be used with y0da's Crypter 1.x, Aspack 2.xx, Virogen Crypt ... but not with Asprotect, Armadillo, SVKP.


I am asking if anyone knows why the bp is put here on ESP (I know that it means "Extended Stack Pointer"); what exactly happens by putting a bp on ESP?