10 replies to this topic

[cooooldog]

Notepad with strong anti-debugger protection.

StongOD does not work. How to debug it?

thanks

 notepad_se.rar   1.02MB   127 downloads

[Teddy Rogers]

The [crackme] tag has been added to your topic title.

Please remember to follow and adhere to the topic title format - thankyou!

[This is an automated reply]

[ErrorShow]

Notepad with strong anti-debugger protection.

StongOD does not work. How to debug it?

thanks

 notepad_se.rar   1.02MB   127 downloads

哈哈，这么厉害啊。海风的StrongOD,也抗不住么？

[EvOlUtIoN]

safengine protector?

[denoiser]

this is Shielden v2.0.0

To start debugging break on system entry point and soon will end up on call to GetThickCount which is obviously not jumping (in jump table) where is supposed to. Try to avoid this call and you can start unpacking from there.

Edited by denoiser, 24 December 2010 - 12:36 PM.

[LCF-AT]

@ denoiser

So do you mean to bypass the Safeengine message?
Can you post the code part from the place where you talking about?

greetz

[LCF-AT]

Ok I see the unpackme has alomst nothing enabled to unpack it!
Here my unpacked file without bypassing the Safeengine message!

greetz

Attached Files

•  notepad_se_Unpacked.rar   1.02MB   60 downloads

[cooooldog]

@LCF-AT

Would you please share us the tips how you can do it?

Since you know, notepad.exe is very popular everywhere

though I believe absolutely you can get it debugged and unpacked...

just prove it and show it...

and the most importantly, teach us how to do it...

and then Merry christmas and thank you for sharing

Ok I see the unpackme has alomst nothing enabled to unpack it!
Here my unpacked file without bypassing the Safeengine message!

greetz

[EvOlUtIoN]

mayb e it's protected by a trial version of protector?

[Nooby]

it is protected by:
1.Ctrl+G 100739D and write 6A 70
2.dump
3.grab IAT, resource section(see PE header) from a running process

Edited by Nooby, 27 December 2010 - 04:18 AM.

[cooooldog]

@Nooby

谢了, 哥.

@LCF-AT

你啥时候回来? when will you be back ah?