r42fr Posted May 18, 2013
I want to write an anti-anti-debugging plugin. But I don't know how to go through the code to find the traps?
Insid3Code Posted May 18, 2013
It is hard to cover all existing anti-debug; I advise you to begin with very basic detection tricks like hiding the PEB and memory patching of known APIs like FindWindow and others.
r42fr Posted May 19, 2013
But how to read the code of the program?
Insid3Code Posted May 19, 2013 (edited)
I guess you mean the debuggee? If you plan to code your plugin for OllyDbg, you must read the PDK available on the author's website. To read/write into debuggee memory you can use ODBG2_Pluginnotify to get (debuggee Process ID) when PN_NEWPROC == parm1
Edited May 19, 2013 by Insid3Code
r42fr Posted May 19, 2013
And how to print to the OllyDbg console?
Insid3Code Posted May 19, 2013 (edited)
All you want is available in the OllyDbg PDK, please read it!
hxxp://www.ollydbg.de/version2.html
Also, take a deep look into the traceapi source for undocumented functions.
Edited May 19, 2013 by Insid3Code
slipfake Posted May 25, 2013
There're good tutorials on www.woodmann.com about anti-debugging. Follow that site!