03-28-2005, 02:36
carver
Before, I used this way:
First, my target does not load crypted.dll in memory, so I make a small dll_loader
with an import from crypted.dll, to load all of crypted.dll in memory.
After that, I use map32 to find all crypted sections and set a bpm
on the last crypted bytes in the last crypted sections.
Then, I wait while the envelope encrypted all bytes
and use !suspend and dump from pe_tools.
Last, I fix the dump in pe_tools.

It is my first envelope unpacking, so I don't know about all cases.

Also, my target first reads dongle data, then decodes it.
If your target also uses this way, you can fix the decoded dongle cell,
encode it, and put the new data into the emulator.