Jump to content
Tuts 4 You

I want to write a anti-anti debugging pluging.


r42fr

Recommended Posts

Posted

I want to write a anti-anti debugging plugin.But I don't know how to go throw the code to find the traps?


 


 


Insid3Code
Posted

It is hard to cover all existing anti-debug,  I advise you to begin with very basic detection tricks like hiding the PEB and memory patching of known API like FindWindow and other.

Posted

But how to read the code of the program?


Insid3Code
Posted (edited)

I guess, you mean debuggee?
If you plan de code your plugin for OllyDbg you must read the PDK available on author website.To read/write into debuggee memory you can use ODBG2_Pluginnotify to get (debuggee Process ID)  when PN_NEWPROC == parm1

Edited by Insid3Code
Posted

And how to print to ollydbg console?


Insid3Code
Posted (edited)

All you want is available into OllyDbg PDK, please read it!
hxxp://www.ollydbg.de/version2.htmlAlso, take a deep look into traceapi source for undocumented functions.

Edited by Insid3Code
Posted

There're good tutorials on www.woodmann.com about anti-debugging. Follow that site!


Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...