code runs-> hits entrypoint
code is then decrypted/decompressed
import table probably then 'filled'
normal code is then executed
Those are the normal steps the system takes when the exe is packed/compressed/crypted.
You're sort of asking for a generic method, and there isn't one. While packers and cryptors follow a common 'theme', their methods can be vastly different, and debugger detection (and getting around it) relies entirely on your own skill level... Try using some anti-anti-debug plugins to avoid detection, or spend some time, trace the code and see how it's detecting your debugger... There are no quick, short answers, sadly.
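The steps listed in the post leave traces in the PE headers: a stub that decrypts code into memory and then runs it needs a region that is both writable and executable, and the entry point sits in the stub rather than in ordinary read-only code. The sketch below is an added example, not part of the original post. It reads those header fields and reports them as triage hints (not proof of packing); the two sample images, their section names and their sizes are constructed for the demo.

```python
import struct

WX = 0x20000000 | 0x80000000   # IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_WRITE

def parse_sections(image):
    """Return (entry point RVA, [(name, vsize, vaddr, rawsize, flags), ...])."""
    pe, = struct.unpack_from("<I", image, 0x3C)            # e_lfanew
    if image[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    count, = struct.unpack_from("<H", image, pe + 6)       # NumberOfSections
    opt_size, = struct.unpack_from("<H", image, pe + 20)   # SizeOfOptionalHeader
    entry, = struct.unpack_from("<I", image, pe + 24 + 16) # AddressOfEntryPoint
    sections = []
    for i in range(count):
        off = pe + 24 + opt_size + 40 * i                  # 40-byte section headers
        name, vsize, vaddr, rawsize = struct.unpack_from("<8sIII", image, off)
        flags, = struct.unpack_from("<I", image, off + 36) # Characteristics
        sections.append((name.rstrip(b"\0").decode(), vsize, vaddr, rawsize, flags))
    return entry, sections

def packer_hints(image):
    """Header traits consistent with a stub that unpacks code at run time."""
    entry, sections = parse_sections(image)
    hints = []
    for name, vsize, vaddr, rawsize, flags in sections:
        wx = (flags & WX) == WX
        if wx and rawsize == 0 and vsize > 0:
            hints.append(f"{name}: no bytes on disk, writable+executable in memory")
        if wx and vaddr <= entry < vaddr + max(vsize, rawsize):
            hints.append(f"{name}: entry point sits in a writable+executable section")
    return hints

def build_sample(entry, sections):
    """Constructed header-only image for this demo (no code, not runnable)."""
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                  # PE32 magic
    struct.pack_into("<I", opt, 16, entry)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt), 0x102)
    table = b"".join(struct.pack("<8sIIIIIIHHI", n.encode(), vs, va, raw, 0, 0, 0, 0, 0, fl)
                     for n, vs, va, raw, fl in sections)
    return b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40) + b"PE\0\0" + coff + bytes(opt) + table

# Constructed samples: section names, sizes and addresses are made up.
PACKED = build_sample(0x9000, [("sec0", 0x8000, 0x1000, 0, 0xE0000080),
                               ("sec1", 0x2000, 0x9000, 0x1800, 0xE0000040)])
PLAIN = build_sample(0x1000, [(".text", 0x3000, 0x1000, 0x3000, 0x60000020),
                              (".data", 0x1000, 0x4000, 0x1000, 0xC0000040)])

if __name__ == "__main__":
    for label, img in (("packed-style", PACKED), ("plain", PLAIN)):
        print(label, packer_hints(img) or "no hints")
```

As the post says, packers differ widely, so an image with no hints can still be packed and a hit only tells you where to start tracing.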