Hi friends.
I think it's an old question.
Tonight I played with CD-Cops and it defeated me !!
The question is:
How to find the stolen bytes in child process which is debugged by its father?
I debugged the father, but I didn't understand where the original bytes written back to child.
As you know, Armadillo with Nanomite protection, Safedisk and Securom use the same method.
How do they execute original bytes? Father executes the codes virtually or child executes them when they were written back at original addresses?
Regards
--------------
edited:
I red the haggar's tut on unpacking SafeDisk. Is there anybody to know the tricks of CD-COPS?