PC-Guard 5.xx (Unpacking)

Author Orthodox
Description I have read a couple of tutorials regarding PC Guard, and I followed them and found the OEP and fixed the imports easily, but when I tried to use my dump it was unusable; the application always crashed when I wanted to use some functions. So I traced my dump and found out where the application was crashing. It crashed on a call to virtual memory. I tried different options to dump that section and add it to my dump. I also fixed it to a correct offset, but the application always crashed. So I traced the original to that call and found out that PC Guard decrypts code on the fly, and just before the RET command there is another call that encrypts it again. So to properly dump it we have to trace the original, and after it decrypts its code we need to binary copy and paste it to our dump and NOP the decrypt and encrypt calls.
Date Sunday 22 July 2007 - 23:26:33
