Exetools  

Go Back   Exetools > General > General Discussion
Reload this Page Code Injection
Register Forum Rules FAQ Calendar

Notices

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #13  
Old 10-27-2003, 15:57
[NtSC]
 
Posts: n/a
Hummm--

*** I'd love to undestand how in general it is possible (if it is indeed possible) to stop an application as soon as it has been completely unpacked.
Could placing a breakpoint on the statement just before the OEP be a good general solution? ***

Yes... You could code an R3 Tool that loads the App.. Then you have to search for Signatures you can set Breakpoints on,and hangle down this locations until you catch a Point were the Application is unpacked.

Placing a Breakpoint on the Statement before the real OEP is indeed the Way to go..

Else you could hook some Api that gets called before the real OEP is executed...

As i already told Radier before,play with some examples..
Its not that much Voodoo as u think off it ;-)
Reply With Quote
 

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
DLL Injection ldmd Source Code 2 10-07-2024 21:44
Usermode APC Injection WorldCrackersUnited Source Code 4 06-05-2017 15:42


All times are GMT +8. The time now is 01:32.

Aaron's homepage - Top

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( Since 1998 )