  #11  
02-13-2005, 22:24
bgrimm
Cryptor & IAT

It appears some of the "magic" Exeshield performs on the target executable breaks its functionality in win2k.

In the attached example all the cryptor options were turned on, including IAT destruction, which would explain your missing functions.

The original executable was a simple example from hutch's masm distribution that did originally run on all platforms. (original code by iczelion)

I didn't try different combinations of options of encryption to see what exactly breaks it, if it is the unpacking code, or changes in the PE structure.
The original encryptor itself is included with my attachment in this thread if you're interested.

I did not spend much time looking at the target executable's code after packing, as this particular protector appears really weak, and as you discovered, not platform friendly.
(My couple boxes here are XPsp1 machines but after you mentioned that compatibility problem I fired up a 2000sp4 VM and sure enough, the app did not run as you said.)

It was simply an exercise in learning to trace packer program flow in Olly.
(and trying to learn more, like Dyn!o mentioned earlier, than just which buttons to press in what order to arrive at an OEP.)

-bg