Exetools  

Go Back   Exetools > General > General Discussion
Reload this Page For all Olly and coding GUru's
Register Forum Rules FAQ Calendar Mark Forums Read

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 04-08-2005, 01:58
Crudd[RET] Crudd[RET] is offline
Friend
  
Join Date: Aug 2004
Posts: 28
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 0
Thanks Rcvd at 0 Times in 0 Posts
Crudd[RET] Reputation: 0
Message from Kreatief (Contest Mod)
This is a quote from one of the mods. He wouldve responded himself, but hes not registered here.
Quote:
What this contest is supposed to be:

There exists alota anti sice tricks out there. But OllyDbg is used more and more. And there arent so many protections against it. Mostly they are just general anti debugger techniques.

We want to see the best anti olly tricks. And this means, really anti olly tricks, no generell protections.

Quote:
- commented sources (for whom?),


For me to understand what you do. I dont have the time to trace every single entry, especially its getting hard if you combine it with basic asm.
The other thing is that users want to see what you do and learn from it.

Quote:
- must work on Windows 9x,ME,NT,2K,XP (why NT,2K,XP isn't enough?),


Cause there are alota guys out there, who still use 9x. And personally I dont like system specific things. What is the sense of a protection technique if you can switch the OS and ignore all those protections.

Quote:
- accepted languages are: asm, C/C++ (why not Delphi?),


Cause those languages are the most common. Thats nothing against Delphi or whatever, but its easier for everyone to have those common languages (except for the author maybe), and we used to keep it that way.

Quote:
a text file with description of your ideas, explanation of more complicated pieces of code (for whom?).


It's nice to see a single file, where the basic ideas are descripted to get an overview. No big textes needed, just a few notes about what your intention was to write this entry!
Next thing are the more complicated pieces of code: Just imagine I have manually encrypted one part of code a few times with several techniques. How do you know what happened there? Again: I dont have the time, and honestly I dont want to trace all this stuff. What for?


Generally:

I dont wanna do a commercial protector out of it. What I am planning is, if those entrys are good, I am thinking about putting all ideas together, and write a paper about it. Sure, just if you want to. This could be published at codebreakers journal, or maybe some higher instance.
I am sure, we get alot of very interesting protections and techniques together, which are really interesting for most people. Thats our imagination of spreading knowledge. We are here to learn and to spread our knowledge.

For me, it would be great to see some entrys from you guys.


DKT
Reply With Quote
  #2  
Old 04-08-2005, 18:32
dyn!o's Avatar
dyn!o dyn!o is offline
Friend
  
Join Date: Nov 2003
Location: Own mind
Posts: 214
Rept. Given: 1
Rept. Rcvd 1 Time in 1 Post
Thanks Given: 8
Thanks Rcvd at 0 Times in 0 Posts
dyn!o Reputation: 1
I am really impressed (very rare feeling of me) that someone bothered to explain the idea of the discussed contest. I did not really expect that. Thank you.

Unfortunately I will persist in mine opinion (maybe because I rarely change it). I do not mean that you want to develop a protector, I am afraid that the work of enthusiastic hobbyists, like ExeTools members, may be used in some commercial project without their gratification. I have no rights to judge the real intentions of this contest, but I believe you could achieve similar benefits (in the scientific meaning), to the one you claim, by posting a thread on ExeTools and RCE message boards.

My personal note: OllyDbg is a really powerful tool. You are right by saying "OllyDbg is used more and more" but my small suggestion is: detection of OllyDbg as a standalone software is not powerful. Moreover, any detection of a standalone product is weak because:

- you can always modify the product, even if you are not the author (the same is for OllyDbg. I have own, customized version, not detectable so far),
- you can always modify the protection and find the check (I am suggesting that in my humble opinion a debugger prevention should not be based on a single check but a kind of specifc code mixed within protected code).

I am not any expert, but I would suggest a lower level (in the meaning of software architecture). There are many possibilites of killing/detecting all the debuggers (including these not made yet) based on the features of OS and x86 specification. With some invention you can build not only a powerful shield, unimaginable hard to defeat, but also a cross-platform anti-debug protection - stronger than StarForce and XProtector owns (using drivers for ring0 debuggers and exceptions for ring3 tools/debuggers is an outdated idea).

Anyway, I am still impressed with your answer being posted here. Congratulations for bracing up the courage and good luck in your work.

Regards,
dyn!o
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Hybrid Mode Hybrid Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
ASM coding, do you use a special program, or can you use C for asm-coding instead epikur General Discussion 15 08-18-2004 04:40


All times are GMT +8. The time now is 00:12.

Aaron's homepage - Top

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( Since 1998 )