Jump to content
Tuts 4 You

[crackme]A Crackme with antidebug

shellwolf

By shellwolf
in CrackMe

 Share

Recommended Posts

SunBeam

SunBeam

Posted
Posted

Most anti-debug tricks use SEH handlers and stuff from other protectors ;) Good stuff, but not hard to skip if you check the stack ;) Anyway, point is.. I found "A Martian!" :D (check up on ECX with hardcoded value). Not gonna say where to look ;)

Link to comment
Share on other sites
shellwolf

shellwolf

Posted
  • Author
Posted
Most anti-debug tricks use SEH handlers and stuff from other protectors ;) Good stuff, but not hard to skip if you check the stack ;) Anyway, point is.. I found "A Martian!" :D (check up on ECX with hardcoded value). Not gonna say where to look ;)

GOOD!

some anti is hide in function,so if u know it is a function of anti,just change returnvalue to false,then u will skip it.or u can nop it.

i will post several crackmes that i had post in bbs.pediy.com before.Welcome to test .

Link to comment
Share on other sites
SunBeam

SunBeam

Posted
Posted (edited)

I didn't NOP or change anything. Let me show you what I mean ;)

tE!Lock

wa3gjp.png

PUSH DWORD PTR FS:[EAX]

MOV DWORD PTR FS:[ESP],EAX

^ Makes the SEH handler in stack, to skip your code I would only need to break on SEH ;) Well, need to also patch those Context copies from ring0 to ring3 :)

VMProtect

hst0rp.png

PUSHFD/POPFD

INT3

Classic :D

Edited by SunBeam
Link to comment
Share on other sites
shellwolf

shellwolf

Posted
  • Author
Posted (edited)
I didn't NOP or change anything. Let me show you what I mean ;)

:yes: thanku.

what OS you use?winxp or win2003?

Edited by shellwolf
Link to comment
Share on other sites
  • 15 years later...
Sean Park - Lovejoy

Sean Park - Lovejoy

Posted
Posted (edited)

No need to bypass this anti debug in windows 11. It just runs well without any anti anti debug tricks.

Regards.

sean.

Edited by Sean Park - Lovejoy
  • Haha 1
Link to comment
Share on other sites
X0rby

X0rby

Posted
Posted
30 minutes ago, Sean Park - Lovejoy said:

No need to bypass this anti debug in windows 11. It just runs well without any anti anti debug tricks.

Regards.

sean.

bro, this post is 16 years old !!!

  • Like 1
Link to comment
Share on other sites
jackyjask

jackyjask

Posted
Posted

 

@sean

please test windows 121 as well!  and dont forget to tell the forum about your try!!

 

  • Like 1
Link to comment
Share on other sites
CodeExplorer

CodeExplorer

Posted
Posted
1 hour ago, jackyjask said:

windows 121

windows 121 ??? I didn't know such thing exist! Maybe you are ironic.

 

  • Like 1
  • Haha 1
Link to comment
Share on other sites
MabunbuNgube

MabunbuNgube

Posted
Posted
On 4/13/2024 at 9:04 PM, Sean Park - Lovejoy said:

No need to bypass this anti debug in windows 11. It just runs well without any anti anti debug tricks.

Regards.

sean.

jesus christ my man, u got some crazy shovel to dig up this old of a topic

  • Like 1
  • Haha 2
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...