> to successfully unpack the program. All they really needed to do was dump it from memory while it was running and they could've analyzed it immediately with any disassembler.
Forgive me, I am no assembly hacker nor much of a programmer, but would it be possible for a program to 'react' in some way were one to try to dump it from memory?
The program would have to use a device driver to protect itself from not being dumped from memory to disk. But there are ways around that as well.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
