04-09-2005, 16:38
dyn!o
Complex question.

It depends on the sort of protection you are working on.

1. Common software.
I would suggest a disassembler source engine (you can find a few on the net, as I remember also on the OllyDbg page). This will deal with all offsets.

2. Crypted software.
I would suggest an EIP logger since some protections use polymorphic and/or metamorphic engines, thus you will fail with a disassembler engine.

3. Crypted software with virtual machine.
This is the worst assumption. In this case I would suggest writing your own disassembler (for decompiling opcodes and in some fancy protections even operation types) and tracer (code flow execution control). A hard thing, but the most effective.

Regards.

Last edited by dyn!o; 04-09-2005 at 16:44.