Download OEPFinder v0.2 Hybrid Build 
[MD5 Checksum: 0D33613152C38C60472898A8845E7C18]

Download OEPFinder Quasar Build 
[MD5 Checksum: D8B8F4FC62136A23FD3191F76B0003A6]

 

News:
21:April:2002

- Added a new "Attack and Defense" Section 
- Added Anti-DRx and Anti-Anti-DRx techniques

20:April:2002

- OEPFinder v0.2 Hybrid Build released. This release adds a couple of neato features! :)

14:April:2002

- OEPFinder Quasar Build Beta! released.

 
Tools:
OEPFinder

OEPFinder is a tool used to locate the Original Entry Point of packed Win32 programs. It supports a variety of packers including "ASProtect" :) For more details, refer to the "readme.txt" within the package. I'm always interested in hearing ways to improve this program. Do drop me a line if you think you can contribute.

 
Research: Attack and Defense
Anti-DRx and Anti-Anti-DRx

Coded in C with inline ASM

Packers increasingly use a lot of anti-debug tricks. One of them is to use the SetThreadContext API to gain ring0 access transparently and to clear the DRx registers [wondered why those BPMs don't work, eh! ;)]

The Attack: Clearing DRx registers using SetThreadContext
The Defense: Setting back DRx registers by hooking SetThreadContext API

Download!
