"The second is: could you explain in more detail the virtual .exe you mentioned?"
These protections hold the protection code in a true executable image that performs the dirty work.
You could trace aspr OEP protection (very funny) for the version you mention by locating the pushed address execution list and analysing the last one, the one that mingles with OEP protection.