.Hi
I got a program... It's heavily obfuscated and have advanced polymorphic techniques.
When I load program in olly if I change 1 single JNZ to JMP it doesn't work...
I found ONE of checker functions and I fixed that checker, so for little time I don't have problem with fixing some parts of it.
But problem comes here... This program loads most of it's code and functions in runtime from obfuscated and encrypted parts inside exe.
When I put a breakpoint in anywhere OUTSIDE of code section or even in code section (some times) I cannot get program running...
Program moves application to a crasher function and I get a lot of exceptions and finally program exits.
I tried Phant0m and I enabled all functions of Phant0m to hide debugger, but I wasn't lucky... Again if I put a breakpoint program calls a function which causes crash... I cannot locate this crasher function, just I get crash if I put breakpoint...
Any ideas?
Thanks from now!
![[+] expand](/imagery/files/soysauce_blueprint.gif){kind=link}