Jump to content
Sign in to follow this  
CodeCracker

EPFinder

Recommended Posts

CodeCracker

EPFinder:
Will find old entry point on packed programs by searching some instructions patterns,
obviously will not always work, but in most of cases yes.
Will not work for stolen entry point or some other advanced protections.
Step1: Execute the packed (protected) program
Step2: Start EPFinder select Process checkbox
Step3: Select the process from the list
Step4: Selected the module from list or mark "Main mod" checkbox to specify that it is about main module
Step5: Click on Get button to get the result
 

EPFinder.zip

EPFinder-Src.zip

  • Like 5
  • Upvote 1

Share this post


Link to post
Share on other sites
GautamGreat

Interesting!!!

Is it for .net targets ?

Share this post


Link to post
Share on other sites
CodeCracker

No, it is not for .NET!
It is for native: Visual Basic, Borland Delphi and Visual C++.
The hardest is on Visual C++ and will not work for all targets.
The imposible to do (not done) is for MASM or other assemblers language

since EP may start with any instructions!
 

  • Like 1

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×

Important Information

Guidelines