Originally posted by evaluator
Hi, Daemon!

As I found, the same IAT-redirection trick is also used by telock98 (at least).
My question is for historical purposes:
Who is the author of this trick?

Hi, Tsehp!
If Solodovnikov adds this trick to ASProtect...
You can close your RV project...
OR you must force your tracer to trace until real EXPORT. Is this possible???

My suggestion:
1. Let's make a big pause in the RV project!
2. Collect new anti-tricks
3. Come back with turbo-enhanced RV

Sorry, but it seems that you really don't know how rv works...
Let me explain:
I first coded some disasm code to fix the first schemes (first API instruction executed, then jmp to the real API, or API call redirected), and it was working fine, just like imprec in its first days.

Then aspr, vbox and other schemes began to mangle their IAT calls. It was almost impossible to code a disasm to decrypt/demangle them, so the tracer was begun 10 days after the first rv version.

Actually, 90% of my work is focused on the tracer, just because when this tool runs, it gets the first priority on the system and executes the apps, IAT calls, everything.

This tracer serves IAT resolving, and the only way to keep it from going inside the API is to emulate the API... Alexey made a first attempt with simple ones, but I also emulated them, so this was easily fixed. If someone tries to emulate all of them, he will have to build a different version for every kind of Windows and every build.

Like theOwl said in past posts, the tracer is a very important tool. It can also be used to dump programs, just like icedump on win9x, and later could also be used to build a boundschecker-like program, used to make all kinds of reports you want. Maybe opening its behaviour and making it react with a script language could be very interesting.