hello all,
have a couple of questions involving unpacking iris 3.7 from eeye security software.
i saw an earlier tutorial involving iris 2.0 being packed with pcguard. now, of course, this one says aspack inside. no matter, i guess. i'm too new to really know.
i loaded icedump and then frogsice, then started softice loader and loaded iris through it and got the "invalid" upon break as suspected. i did an f10 to get to first instruction. i never did get to see the pushads and popads. there seems to be a lot of redirecting of code inside of there.
what i did do though, was to do a /dump of the iris.exe from inside si before the program ever opened. i was never able to successfully dump from procdump, dumpfx, lordpe or even iczdump. i kept getting error messages.
i've also think i determined that the timekeeper is inside the eeyelic.dll which is packed with the same protection as the main prog. i need to dump this to. i've got the dzapatcher which is helpful for inline patching, but you need to know the old values first.
any help to get a proper dump on this baby and then find the correct oep for the dump file? thanks for everyone's help.
jomamameister