Exetools  

10-18-2017, 17:59
dummys
Themida/WinLicense latest version information

Hi guys,

I'm trying to be able to debug an application that runs only on Windows 10 and is packed by Themida. In fact, it's not the main exe file which is packed, it's a DLL that afterwards adds a lot of new sections to the exe, it seems. I can attach to it using ScyllaHide, but when running a secure function inside the binary my debugger seems to get trapped and the application crashes. I was trying to launch the application directly from the debugger, but even with all ScyllaHide anti-debug options activated, it seems that Themida still finds that I'm debugging it. I tried to hook NtSetInformationThread using Frida in order to block the ThreadHideFromDebugger flag, without success. I've also tried using API Monitor, with the context switch attach. I'm searching for information about some of the protections that this protector can use. Or if you have an idea how to detect or search for which protection it is using. Thanks.
All times are GMT +8.

