How RestoreCode works?
I ask it because if somebody hook GetProcAddress or LoadLibrary who are used like RestoreCode(GetProcAddress(LoadLibrary(PChar('ntdll.dll')), PChar('RtlExitUserProcess'))); will RestoreCode works?
if not how prevent it?
Isn't unpacking specific to the packer
Users browsing this forum: No registered users and 12 guests