MrSynAckSter
Reputation: 1770
How to force ollydbg to copy a self modified executable?
I am working on an executable with self modifying code. Unfortunately, Ollydbg does not detect that the executable has "changed' despite it rather obviously XORing itself.
Normally, I would choose "copy to executable" -> "All modifications", press copy all, when a new window has opened, just press right mouse button and press "save file"
However, Olly detects no "modifications" no matter how many times I try to force it to analyze the file.
How can I force it to do what I want?
Upvotes: 1
Views: 783
Answers (1)
rustam Shirinov
Reputation: 139
Try to set a hardware breakpoint on write on the section that the 'Xor' ing happens
Upvotes: 1
Related Questions
- Locating OEPs in Packed EXE Files
- How to change a call with Reverse engineering
- How to open executable binary without running it in ollydbg?
- ollydbg opcode trace
- Editing a program with Ollydbg
- Ollydbg instructions before program
- OllyDbg, don't get the option to copy to executable file
- OllyDbg on win7 64 bit
- Editing assembly in WinDbg
- Patching Arm Executable?