Jump to content
View in the app

A better way to browse. Learn more.
Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

[crackme] Interesting Antidebug Trick?

rendari
rendari
in CrackMe

Featured Replies

Posted

Hello all,

I stumbled upon this antidebug trick on my 64 bit windows 7. I now want to see if it works in 32 bit on any other OS. Can you guys please download and run this exe in and out of a debugger and tell me if it detects your or not? I would like to see if this antidebug trick is platform specific or not :)

Thanks!

-rendariAntidebug_Test.zip

Hello all,

I stumbled upon this antidebug trick on my 64 bit windows 7. I now want to see if it works in 32 bit on any other OS. Can you guys please download and run this exe in and out of a debugger and tell me if it detects your or not? I would like to see if this antidebug trick is platform specific or not :)

Thanks!

-rendariAntidebug_Test.zip

Running on 32 bit windows xp sp3

All Good :) in and out of debugger

Not detected

Hope info helps

Edited by mactwo1

The [crackme] tag has been added to your topic title.

Please remember to follow and adhere to the topic title format - thankyou!

[This is an automated reply]

Is there supposed to be anything special except for IsDebuggerPresent?

Tested it on 7 x64 out of curiosity (having the default antidbg options enabled, PEB stuff as well), didn't detect me though. Just thought you'd like to know.

Did detect me on Win7 x64. It seems to detect my "Protect DRX" option in Stealth64.

Interesting ;)

  • Author

Did detect me on Win7 x64. It seems to detect my "Protect DRX" option in Stealth64.

Interesting ;)

Yep, that's it :) Thanks!
Is there supposed to be anything special except for IsDebuggerPresent?
The IsDebuggerPresent is there to confuse! You should dig into AddHook (the first call) and see what is happening :)

Thanks all,

-rendari

Windows7, 32bit gets detected for me :)

  • Author

^With or without debugger?

Detect my Debugger with Phant0m all enabled

OS: Windows XP SP3 32bit

Using a default olly with just IsDebuggerPresent bypassed, no detection :D

Without debugger, 'All Good' message :)

Edited by Deathway

Detect my Debugger with Phant0m all enabled

OS: Windows XP SP3 32bit

Using a default olly with just IsDebuggerPresent bypassed, no detection :D

Without debugger, 'All Good' message :)

IsDebuggerPresent code should not even be reached. The vectored exception handler receives two exceptions (breakpoint and single-step), so it bypasses the code both times.

When the breakpoint is hit, the handler sets a hardware breakpoint, which triggers the single-step.

It should work on a 32-bit OS, too, since there's nothing undocumented happening here.

Create an account or sign in to comment

Go to topic listing

Configure browser push notifications
Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.