[crackme]A Crackme with antidebug

[shellwolf]

enjoy it.

CrackMe01.rar

[DrPepUr]

Please follow and adhere to the topic title format - thank-you!

[shellwolf]

Please follow and adhere to the topic title format - thank-you!

ok.thank you

[SunBeam]

Most anti-debug tricks use SEH handlers and stuff from other protectors Good stuff, but not hard to skip if you check the stack Anyway, point is.. I found "A Martian!" (check up on ECX with hardcoded value). Not gonna say where to look

[shellwolf]

Most anti-debug tricks use SEH handlers and stuff from other protectors Good stuff, but not hard to skip if you check the stack Anyway, point is.. I found "A Martian!" (check up on ECX with hardcoded value). Not gonna say where to look

GOOD!

some anti is hide in function,so if u know it is a function of anti,just change returnvalue to false,then u will skip it.or u can nop it.

i will post several crackmes that i had post in bbs.pediy.com before.Welcome to test .

[SunBeam]

I didn't NOP or change anything. Let me show you what I mean

tE!Lock

PUSH DWORD PTR FS:[EAX]

MOV DWORD PTR FS:[ESP],EAX

^ Makes the SEH handler in stack, to skip your code I would only need to break on SEH Well, need to also patch those Context copies from ring0 to ring3

VMProtect

PUSHFD/POPFD

INT3

Classic

Edited September 6, 2008 by SunBeam

[shellwolf]

I didn't NOP or change anything. Let me show you what I mean

thanku.

what OS you use?winxp or win2003?

Edited September 6, 2008 by shellwolf

[SunBeam]

XP SP2