I can trace it only in my spare time and it might take
a long time for me. I'm not sure if I can do it.
At first I wished to unpack it rapidly with some
trick like a memory access breakpoint, and failed. It
seemed that the whole entry code has
been moved into the packer.
My target now is to find out how control
was given to the original program, and I have not paid
attention to the IAT yet.
I'm ignoring TLS callback function 0 for now. I'm tracing
function 1 but have not finished. It's not difficult to
write a script to pass through function 0, function 1
and stop at the packer's EP; it can run happily under
OllyDbg, so the problem is patience and time.
And it has no junk code, good news.
I'll spend my holiday soon. But I won't give up.
Regards.