Posted January 19, 2019
How To Fix Debugger Detected In x64dbg
Picture
ProtectionID Scan
-=[ ProtectionID v0.6.7.0 OCTOBER]=-
(c) 2003-2015 CDKiLLER & TippeX
Build 31/10/15-14:35:10
Ready...
Scanning -> C:\Users\Dell\Desktop\VNHAX_PUBGM.exe
File Type : 32-Bit Exe (Subsystem : Win CUI / 3), Size : 531968 (081E00h) Byte(s) | Machine: 0x14C (I386)
Compilation TimeStamp : 0x5C42DE39 -> Sat 19th Jan 2019 08:22:17 (GMT)
[TimeStamp] 0x5C42DE39 -> Sat 19th Jan 2019 08:22:17 (GMT) | PE Header | - | Offset: 0x00000118 | VA: 0x00400118 | -
[TimeStamp] 0x5C42DE39 -> Sat 19th Jan 2019 08:22:17 (GMT) | DebugDirectory | - | Offset: 0x0002FA14 | VA: 0x00430614 | -
[TimeStamp] 0x5C42DE39 -> Sat 19th Jan 2019 08:22:17 (GMT) | DebugDirectory | - | Offset: 0x0002FA30 | VA: 0x00430630 | -
[!] Executable uses SEH Tables (/SAFESEH) (43 calculated 38 recorded... 3 invalid addresses)
[!] * table may be compressed / encrypted *
[File Heuristics] -> Flag #1 : 00000100000001001001000000000000 (0x04049000)
[Entrypoint Section Entropy] : 6.67 (section #0) ".text " | Size : 0x21EBC (138940) byte(s)
[DllCharacteristics] -> Flag : (0x8140) -> ASLR | DEP | TSA
[SectionCount] 5 (0x5) | ImageSize 0x85000 (544768) byte(s)
[Debug Info] (record 1 of 2) (file offset 0x2FA10)
Characteristics : 0x0 | TimeDateStamp : 0x5C42DE39 (Sat 19th Jan 2019 08:22:17 (GMT)) | MajorVer : 0 / MinorVer : 0 -> (0.0)
Type : 13 (0xD) -> Undocumented | Size : 0x314 (788)
AddressOfRawData : 0x31168 | PointerToRawData : 0x30568
[Debug Info] (record 2 of 2) (file offset 0x2FA2C)
Characteristics : 0x0 | TimeDateStamp : 0x5C42DE39 (Sat 19th Jan 2019 08:22:17 (GMT)) | MajorVer : 0 / MinorVer : 0 -> (0.0)
Type : 14 (0xE) -> Undocumented | Size : 0x0 (0)
AddressOfRawData : 0x0 | PointerToRawData : 0x0
[!] File appears to have no protection or is using an unknown protection
- Scan Took : 9.204 Second(s) [000002644h (9796) tick(s)] [503 of 577 scan(s) done]
Edited January 20, 2019 by Beast_Hunter
January 19, 2019
Depends on what Software/Protection detected it. Use protectionID to scan the binary and find its protection. You should probably put a little more effort into your posts.
January 19, 2019
You can use RDG Packer Detector. This scanner can give you some extra information, especially if there was an anti-debugging technique, for example IsDebuggerPresent. Once you confirm the software uses an API called IsDebuggerPresent you can easily bypass it!
January 19, 2019
13 hours ago, Beast_Hunter said: How To Fix Debugger Detected In x64dbg Picture
Looks like Themida/Winlicense message box...
Edited January 19, 2019 by Insid3Code
January 20, 2019 Author
On 1/19/2019 at 1:22 PM, deepzero said: Depends on what Software/Protection detected it. Use protectionID to scan the binary and find its protection. You should probably put a little more effort into your posts.
Thanks bro, and thanks a lot for the advice. I am new here, nice meeting you.
January 20, 2019 Author
23 hours ago, Rever7eR said: You can use RDG Packer Detector. This scanner can give you some extra information, especially if there was an anti-debugging technique, for example IsDebuggerPresent. Once you confirm the software uses an API called IsDebuggerPresent you can easily bypass it!
I found the API IsDebuggerPresent, and what should I do?
January 20, 2019
4 hours ago, Beast_Hunter said: I found the API IsDebuggerPresent, and what should I do?
I don't know what you're trying to do, and I'm not good at unpacking, but I know one thing: if you want to bypass IsDebuggerPresent you can load the software into the debugger and go to the EBX register => follow in dump and change the value from 1 to 0, or you can simply use a plugin to do this job. Someone correct me if I'm wrong.
Edited January 20, 2019 by Rever7eR
January 20, 2019
Do you have ScyllaHide installed? https://github.com/x64dbg/ScyllaHide If yes, what's the configuration? Did you scan the software to identify the protection?
January 20, 2019
On 1/19/2019 at 7:57 AM, Beast_Hunter said: Scanning -> C:\Users\Dell\Desktop\VNHAX_PUBGM.exe
According to similar soft, the used protection is VMProtect...
January 21, 2019
Good, finding that is the first step. Now you can google and search this board for how to hide x64dbg+scyllahide from VMProtect.
January 21, 2019 Author
14 hours ago, deepzero said: Do you have ScyllaHide installed? https://github.com/x64dbg/ScyllaHide If yes, what's the configuration? Did you scan the software to identify the protection?
Yes, I just installed ScyllaHide, and yes, I scanned the software.
January 21, 2019 Author
12 hours ago, Insid3Code said: According to similar soft, the used protection is VMProtect...
14 hours ago, deepzero said: Do you have ScyllaHide installed? https://github.com/x64dbg/ScyllaHide If yes, what's the configuration? Did you scan the software to identify the protection?
15 hours ago, Rever7eR said: I don't know what you're trying to do, and I'm not good at unpacking, but I know one thing: if you want to bypass IsDebuggerPresent you can load the software into the debugger and go to the EBX register => follow in dump and change the value from 1 to 0, or you can simply use a plugin to do this job. Someone correct me if I'm wrong.
On 1/19/2019 at 5:09 PM, Mad Max said: VMProtect.
Everyone, thanks a lot. Now it's running in x64dbg. I am really thankful to you all for helping me out.
February 4, 2019
On 1/21/2019 at 10:48 AM, Beast_Hunter said: Everyone, thanks a lot. Now it's running in x64dbg. I am really thankful to you all for helping me out.
Are you going to share how you did it so we all benefit?
February 19, 2019
This is VMProtect, you can try sharpodx64 (https://forum.tuts4you.com/topic/39806-sharpod-x64-a_antidebug-plugin-support-for-x64dbg/), ScyllaHide has no effect.
February 19, 2019 Author
Thanks bro.
1 hour ago, i51121 said: This is VMProtect, you can try sharpodx64 (https://forum.tuts4you.com/topic/39806-sharpod-x64-a_antidebug-plugin-support-for-x64dbg/), ScyllaHide has no effect.
February 19, 2019
Scroll down a bit, it's there. https://forum.tuts4you.com/topic/39806-sharpod-x64-a_antidebug-plugin-support-for-x64dbg/?do=findComment&comment=192291