> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> first last
[snip]
> >
> >IIRC there are viruses that are encrypted and are almost impossible
> >to disassemble?
> >
> >Would that be true?
> >
>
> Sobig.F was packed with tElock. It's a PE file protector. It
> "encrypts" the program's code and data, and tries to detect debuggers before
[snip]
> to successfully unpack the program. All they really needed to
> do was dump it from memory while it was running and they could've analyzed
> it immediately with any disassembler.

Forgive me, I am no assembly hacker nor much of a programmer, but would it be possible for a program to 'react' in some way were one to try to dump it from memory?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
