Jump to content
Tuts 4 You

[crackme] A very cool crackme with strong anti-debugger


cooooldog

Recommended Posts

The [crackme] tag has been added to your topic title.

Please remember to follow and adhere to the topic title format - thankyou!

[This is an automated reply]

Link to comment
Share on other sites

this is Shielden v2.0.0

To start debugging break on system entry point and soon will end up on call to GetThickCount which is obviously not jumping (in jump table) where is supposed to. Try to avoid this call and you can start unpacking from there.

Edited by denoiser
Link to comment
Share on other sites

@LCF-AT

Would you please share us the tips how you can do it?

Since you know, notepad.exe is very popular everywhere :thumbsup:

though I believe absolutely you can get it debugged and unpacked...

just prove it and show it...

and the most importantly, teach us how to do it...

and then Merry christmas and thank you for sharing :yahoo:

Ok I see the unpackme has alomst nothing enabled to unpack it! :)

Here my unpacked file without bypassing the Safeengine message!

greetz

Link to comment
Share on other sites

it is protected by:

1.Ctrl+G 100739D and write 6A 70

2.dump

3.grab IAT, resource section(see PE header) from a running process

;)

Edited by Nooby
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...