Government Security
Network Security Resources

Jump to content

Photo

How the ESP trick actually works

- - - - - bug assembly
  • Please log in to reply
No replies to this topic

#1 Blake

Blake

    Former Commander In Chief

  • Retired Admin
  • 7,334 posts

Posted 23 December 2008 - 05:41 AM

Earlier today a friend of mine asked for assistance unpacking a custom built packer/protector… After I’d skimmed the disassembly I could see the ESP trick was a viable option once the anti-debug had been circumvented.

I decided to ask him if he’d heard about the ESP trick, he replied that he had used it quite a few times in the past. When I decided to ask him if he knew how it actually worked he told me that he didn’t know.

I’ve come across a lot of reverse engineers in my time, some experienced, others inexperienced… Roughly 40% of them had heard about and used the ESP trick at one point or another, but none knew how it actually worked.

That said I thought I’d write about the topic, so that next time someone asks me I can link them here. READ MORE





Also tagged with one or more of these keywords: bug, assembly