cooooldog Posted December 22, 2010 Share Posted December 22, 2010 Notepad with strong anti-debugger protection.StongOD does not work. How to debug it? thanksnotepad_se.rar Link to comment Share on other sites More sharing options...
Teddy Rogers Posted December 23, 2010 Share Posted December 23, 2010 The [crackme] tag has been added to your topic title. Please remember to follow and adhere to the topic title format - thankyou! [This is an automated reply] Link to comment Share on other sites More sharing options...
ErrorShow Posted December 23, 2010 Share Posted December 23, 2010 Notepad with strong anti-debugger protection.StongOD does not work. How to debug it? thanksnotepad_se.rar哈哈,这么厉害啊。海风的StrongOD,也抗不住么? Link to comment Share on other sites More sharing options...
EvOlUtIoN Posted December 24, 2010 Share Posted December 24, 2010 safengine protector? Link to comment Share on other sites More sharing options...
denoiser Posted December 24, 2010 Share Posted December 24, 2010 (edited) this is Shielden v2.0.0To start debugging break on system entry point and soon will end up on call to GetThickCount which is obviously not jumping (in jump table) where is supposed to. Try to avoid this call and you can start unpacking from there. Edited December 24, 2010 by denoiser Link to comment Share on other sites More sharing options...
LCF-AT Posted December 24, 2010 Share Posted December 24, 2010 @ denoiserSo do you mean to bypass the Safeengine message?Can you post the code part from the place where you talking about?greetz Link to comment Share on other sites More sharing options...
LCF-AT Posted December 24, 2010 Share Posted December 24, 2010 Ok I see the unpackme has alomst nothing enabled to unpack it! Here my unpacked file without bypassing the Safeengine message! greetz notepad_se_Unpacked.rar Link to comment Share on other sites More sharing options...
cooooldog Posted December 25, 2010 Author Share Posted December 25, 2010 @LCF-AT Would you please share us the tips how you can do it? Since you know, notepad.exe is very popular everywhere though I believe absolutely you can get it debugged and unpacked... just prove it and show it... and the most importantly, teach us how to do it... and then Merry christmas and thank you for sharing Ok I see the unpackme has alomst nothing enabled to unpack it! Here my unpacked file without bypassing the Safeengine message! greetz Link to comment Share on other sites More sharing options...
EvOlUtIoN Posted December 25, 2010 Share Posted December 25, 2010 mayb e it's protected by a trial version of protector? Link to comment Share on other sites More sharing options...
Nooby Posted December 27, 2010 Share Posted December 27, 2010 (edited) it is protected by: 1.Ctrl+G 100739D and write 6A 70 2.dump 3.grab IAT, resource section(see PE header) from a running process Edited December 27, 2010 by Nooby Link to comment Share on other sites More sharing options...
cooooldog Posted December 29, 2010 Author Share Posted December 29, 2010 @Nooby 谢了, 哥.@LCF-AT你啥时候回来? when will you be back ah? Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now