|
|
#5
01-08-2008, 08:14
|
||||
|
||||
|
Dear AhmadMansoor, my patched OllyDbg is hidden agains SD blacklist, like ACPU, ACPUASM...etc. So HideTools is not needed. StrongOD plugin works like HideToolz. But I had used them with no success.
SndDbg and hacnho OllyIce failed too. The father process has no problem, but if I wanna bypass child creation (by moving 8 to eax at the end of routine), debugger will be detected. On some targets, this procedure will works: 1- BP on CreateFileA,ALt+F9, CTRL+F9, move 8 into EAX, F9... and Debugger is detected !. Now CTRL+F2 and restart the target. 2- This time I just press F9 and target will run inside OllyDbg (this worked on just one target, but not worked for others. I thinks because of minimum protection) Why child won't be created? Because temp files are created before and SD thinks fathers has run this child process So It's not because of single step breakpoint (I used HW BP for tracing too), but maybe because of timing check. The attached target is SD1.12, but too restive !  Maybe unpacking and reversing loveboom unpacker is the last way ! PS: Olly 2.0 has no export needed for plugins, so they cann't be run !
__________________
In memory of UnREal RCE... 
|
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| SVKP, Armadillo or SDProtector | TmC | General Discussion | 15 | 12-10-2004 22:19 |
| Unpacking SdProtector Pro | bLaCk-eye | General Discussion | 2 | 08-12-2004 22:10 |
Threaded Mode