SunBeam, Posted April 28, 2008:
Good work, q. You need writing an *internal* tut on this lol. If that's OK with Lena. She's already planning an update lol..

What, Posted April 28, 2008 (edited):
Damn, I was beat to it. I guess there are 3 ways to go about doing this, I have tried them all. First, the obvious way is just straight up load under a debugger, which is possible, although I did have a problem with one anti debug where I would get caught sometimes and not others, even when using a script to bypass already found anti. Second way is to just attach and hope you can find the code that looks like the lower half of the oep (lame), plus I don't think most people know how to attach with its setup. The third way is more of what quosego used I guess. There is no crc check in the code, which is weird, I thought earlier versions had it, anyway with no crc you can write an inline patch up, then EBFE when you want to stop. Since you're just going to run it real quick, you can half-azz the patch, bad habit, but whatever. Another enjoyable reverse.

quosego, Posted April 28, 2008:
> Impressive stuff mate, nice work
> Skillful & with a great sense of humor - lethal combination!
> Good work, q You need writing an *internal* tut on this lol. If that's OK with Lena She's already planning an update lol..
Thnx all, Just the result of a lot of free time and wanting to be the first.. :cool: Doubt if I could have waited much longer.. Will make something internal if it's allowed.. Including my scripts and api modder program..
quosego

Loki, Posted April 28, 2008:
Now that sounds interesting

sfs, Posted April 29, 2008:
lena do you start the app on pc with 256 mb or 128 mb ram for testing
or start the app in 2 process and the second is crashing, on sp2
but the protection is good

pavka, Posted April 30, 2008:
My variant unpacked & script fix import redirect
lARP_2.0_ULTRA_Unpackme.rar

ahmadmansoor, Posted April 30, 2008:
> My variant unpacked & script fix import redirect
hehe what this Pavka?? :happy: .....what the purpose from script if u can't pass the debugger detected .... r u sure it is useful :dry: ......How we know if it work ...without testing it (pls just don't say test it :whistling: )

Sonny27, Posted April 30, 2008:
Pavka never said that the scripts helps you getting around the debugger checks. That

pavka, Posted April 30, 2008:
> > My variant unpacked & script fix import redirect
> hehe what this Pavka?? :happy: .....what the purpose from script if u can't pass the debugger detected .... r u sure it is useful :dry: ......How we know if it work ...without testing it (pls just don't say test it :whistling: )
You can test so:
Make dump programs and make dump region of memory
    push XXXXXXXX <---- dump region
    ret
Load in Olly Dump & Load dump region and start a script

ahmadmansoor, Posted April 30, 2008 (edited)

pavka, Posted April 30, 2008:
Load dump in Olly , end load dumped memory
Script static, only edit a mask under the region of memory!

ahmadmansoor, Posted April 30, 2008:
> Load dump in Olly , end load dumped memory
> Script static, only edit a mask under the region of memory!
I will give a try. after I back to my house ...because here I can't ..... but if I have any inquiry can I post it ..if this not bother u
Many Thanks for u

Zool@nder, Posted April 30, 2008:
And here's my contribution. Too late as usual. And also my script to fix IAT redirection. Very nice work lena
ESSAI_.zip
Scrip6.txt

SUB Z3R0, Posted April 30, 2008:
Fellas, Put unpacking away ...try to find DebuggerDetection Trick ...

lena151 (Author), Posted April 30, 2008:
O plaudite, o plaudite, gloria victis? Vae victis!!! Felix qui potuit rerum cognoscere causas. De facto errare humanum est et beati pauperes spiritu. Contraria contrariis curantur. O acta est fabula. Aaaaah! Para bellum si vis pacem! Aaaaaah! Morituri te salutant ... ita est! Victurus te saluto, lena151 te saluto, ... ita est!
Ave atque vale.
lena151.

Loki, Posted April 30, 2008:
I was going to say that

HVC, Posted April 30, 2008:
Aio, quantitas magna frumentorum est.

lena151 (Author), Posted April 30, 2008:
> Aio, quantitas magna frumentorum est.
O tempora! Ipso facto, ira furor brevis est ... veritas odium parit. Audaces fortuna juvat. Non omnia possumus omnes ... o fortunates nimium, sua si bona norint reverseras! O mores! Ita est ... ita diis placuit. Aaaah! O mores! Ira furor brevis est. Ita est ... ita diis placuit. Aaaaah! Alea jacta est! Quod erat demonstrandum.
Ave atque vale.
lena151.

Killboy, Posted April 30, 2008:
I 2nd Loki at that... If I could just speak Spanish as well as you speak Latin lol

SUB Z3R0, Posted April 30, 2008 (edited):
> Aaaah! .......Aaaaah! ......... lena151
Is it s.e.x.y conversation ? :biggrin: ( sorry ... was just a joke ! )

HVC, Posted April 30, 2008:
> Non omnia possumus omnes ...
Aver...
> Is it s.e.x.y conversation ? :biggrin:
LOLUS

lena151 (Author), Posted April 30, 2008:
Sorry guys ... some good family news made that I couldn't resist a small joke. I hope I didn't insult anybody.
lena151.

HVC, Posted April 30, 2008:
Actually I found it pretty amusing. Glad to hear about the good news for your family.

What, Posted April 30, 2008 (edited):
Damn I am dumb, the only thing that was keeping my anti debug script from working every time was a normal GetTickCount with a sleep in between (if you do not know what I mean by normal, compared to other, you obviously didn't get very far). Difference needs to be 1A or something like that. Now to find one more anti debug, which is the catching of the debugger when I don't use hide toolz to hide the debugger, I figured there was no need before, but might as well.

sciolist, Posted July 5, 2008:
thanks a lot