I have a piece of malware, packed with PElock, that has some anti-debugging that I haven't been able to get around yet. Both IDA and Olly are being detected (a popup comes up and the program dies to an exception after clicking the "ok" button). IsDebuggerPresent doesn't appear to be called, neither does FindWindow(A/W/ExA/ExW). In fact, it doesn't look like user32 gets loaded until the packer needs the MessageBox export for the popup.
From what I know from the PElock website, this seems consistent with their features.
Anyone have any hints on how I can get an unpacked version of this malware?
Thanks




