Thanks rumor for the explanation.
I don't know if I explained well (probably I explained bad
) or I misunderstood your answer
In the PE header you can find valid entries for the COM directory and size of COM directory. I was wondering if the protector makes that entry NULL, how can the .NET protected application starts?
Do you think that it's loaded by the "protector's loader" before the protected target takes control? Because MSCORWKS.DLL (or any main .NET DLL) needs to know where the original data of the COM directory is located, right?
It should be great if we know how to "intercept" the loading of that COM directory, so we get the original data in the COM directory.
Thanks