[crackme] A very cool crackme with strong anti-debugger

[cooooldog]

Notepad with strong anti-debugger protection.

StongOD does not work. How to debug it?

thanks

notepad_se.rar

[Teddy Rogers]

The [crackme] tag has been added to your topic title.

Please remember to follow and adhere to the topic title format - thankyou!

[This is an automated reply]

[ErrorShow]

Notepad with strong anti-debugger protection.

StongOD does not work. How to debug it?

thanks

notepad_se.rar

哈哈，这么厉害啊。海风的StrongOD,也抗不住么？

[EvOlUtIoN]

safengine protector?

[denoiser]

this is Shielden v2.0.0

To start debugging break on system entry point and soon will end up on call to GetThickCount which is obviously not jumping (in jump table) where is supposed to. Try to avoid this call and you can start unpacking from there.

Edited December 24, 2010 by denoiser

[LCF-AT]

@ denoiser

So do you mean to bypass the Safeengine message?

Can you post the code part from the place where you talking about?

greetz

[LCF-AT]

Ok I see the unpackme has alomst nothing enabled to unpack it!

Here my unpacked file without bypassing the Safeengine message!

greetz

notepad_se_Unpacked.rar

[cooooldog]

@LCF-AT

Would you please share us the tips how you can do it?

Since you know, notepad.exe is very popular everywhere

though I believe absolutely you can get it debugged and unpacked...

just prove it and show it...

and the most importantly, teach us how to do it...

and then Merry christmas and thank you for sharing

Ok I see the unpackme has alomst nothing enabled to unpack it!

Here my unpacked file without bypassing the Safeengine message!

greetz

[EvOlUtIoN]

mayb e it's protected by a trial version of protector?

[Nooby]

it is protected by:

1.Ctrl+G 100739D and write 6A 70

2.dump

3.grab IAT, resource section(see PE header) from a running process

Edited December 27, 2010 by Nooby

[cooooldog]

@Nooby

谢了, 哥.

@LCF-AT

你啥时候回来? when will you be back ah?