Timeline for Why to dump precisely at OEP while manual unpacking?
Current License: CC BY-SA 3.0
5 events
| when | what | | by | license | comment |
|---|---|---|---|---|---|
| Mar 24, 2017 at 10:31 | vote | accept | greenpiece | | |
| Mar 24, 2017 at 10:30 | comment | added | greenpiece | | @NirIzr Wow, thanks a lot! You've really sorted things out (in addition to Nordwald's excellent answer). |
| Mar 23, 2017 at 14:07 | history | edited | NirIzr | CC BY-SA 3.0 | added 665 characters in body |
| Mar 23, 2017 at 13:57 | comment | added | Nordwald | | Following up on this, methods 3 and 4 are pretty common. The most advanced techniques don't use any API functions, but try to find the libraries in memory to parse their export table. Typically a hash function is used to obfuscate the names it is looking for. |
| Mar 23, 2017 at 13:54 | history | answered | NirIzr | CC BY-SA 3.0 | |