r42fr Posted May 18, 2013
I want to write an anti-anti-debugging plugin. But I don't know how to go through the code to find the traps?
Insid3Code Posted May 18, 2013
It is hard to cover all existing anti-debug tricks. I advise you to begin with very basic detection tricks, like hiding the PEB and memory patching of known APIs like FindWindow and others.
Insid3Code Posted May 19, 2013
I guess you mean the debuggee? If you plan to code your plugin for OllyDbg, you must read the PDK available on the author's website. To read/write into debuggee memory you can use ODBG2_Pluginnotify to get the debuggee process ID when PN_NEWPROC == parm1.
Edited May 19, 2013 by Insid3Code
Insid3Code Posted May 19, 2013
All you want is available in the OllyDbg PDK, please read it! hxxp://www.ollydbg.de/version2.html
Also, take a deep look into the traceapi source for undocumented functions.
Edited May 19, 2013 by Insid3Code
slipfake Posted May 25, 2013
There're good tutorials on www.woodmann.com about anti-debugging. Follow that site!