Jump to content
Tuts 4 You

[crackme]A Crackme with antidebug

shellwolf

By shellwolf,
in CrackMe

Recommended Posts

SunBeam

SunBeam

Posted
Posted

Most anti-debug tricks use SEH handlers and stuff from other protectors ;) Good stuff, but not hard to skip if you check the stack ;) Anyway, point is.. I found "A Martian!" :D (check up on ECX with hardcoded value). Not gonna say where to look ;)

Link to comment
shellwolf

shellwolf

Posted
  • Author
Posted
Most anti-debug tricks use SEH handlers and stuff from other protectors ;) Good stuff, but not hard to skip if you check the stack ;) Anyway, point is.. I found "A Martian!" :D (check up on ECX with hardcoded value). Not gonna say where to look ;)

GOOD!

some anti is hide in function,so if u know it is a function of anti,just change returnvalue to false,then u will skip it.or u can nop it.

i will post several crackmes that i had post in bbs.pediy.com before.Welcome to test .

Link to comment
SunBeam

SunBeam

Posted
Posted (edited)

I didn't NOP or change anything. Let me show you what I mean ;)

tE!Lock

wa3gjp.png

PUSH DWORD PTR FS:[EAX]

MOV DWORD PTR FS:[ESP],EAX

^ Makes the SEH handler in stack, to skip your code I would only need to break on SEH ;) Well, need to also patch those Context copies from ring0 to ring3 :)

VMProtect

hst0rp.png

PUSHFD/POPFD

INT3

Classic :D

Edited by SunBeam
Link to comment
shellwolf

shellwolf

Posted
  • Author
Posted (edited)
I didn't NOP or change anything. Let me show you what I mean ;)

:yes: thanku.

what OS you use?winxp or win2003?

Edited by shellwolf
Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Go to topic listing
×
×
  • Create New...