Quote:
|
Originally Posted by deroko
This is just asprotect virtual .exe extracted by aspr itself into memory, same as secure.dll in armadillo. All protection is in it, so dumping it and analyzing it is a good way to understand how asprotect works.
That's at least my approach on every asprotected target.
|
But the imagebase is 003XXXXX,< 00400000,
OllyDump and LordPE could not dump it.
That's a problem troubled me.
The second is that could you explain more details about
virtual .exe you mentioned.
Quote:
|
That's at least my approach on every asprotected target.
|
Need some tuts.
------------
Regards