Beast_Hunter Posted January 19, 2019 Share Posted January 19, 2019 (edited) How To Fix Debugger Detected In x64dbg Picture ProtectionID Scan Spoiler -=[ ProtectionID v0.6.7.0 OCTOBER]=- (c) 2003-2015 CDKiLLER & TippeX Build 31/10/15-14:35:10 Ready... Scanning -> C:\Users\Dell\Desktop\VNHAX_PUBGM.exe File Type : 32-Bit Exe (Subsystem : Win CUI / 3), Size : 531968 (081E00h) Byte(s) | Machine: 0x14C (I386) Compilation TimeStamp : 0x5C42DE39 -> Sat 19th Jan 2019 08:22:17 (GMT) [TimeStamp] 0x5C42DE39 -> Sat 19th Jan 2019 08:22:17 (GMT) | PE Header | - | Offset: 0x00000118 | VA: 0x00400118 | - [TimeStamp] 0x5C42DE39 -> Sat 19th Jan 2019 08:22:17 (GMT) | DebugDirectory | - | Offset: 0x0002FA14 | VA: 0x00430614 | - [TimeStamp] 0x5C42DE39 -> Sat 19th Jan 2019 08:22:17 (GMT) | DebugDirectory | - | Offset: 0x0002FA30 | VA: 0x00430630 | - [!] Executable uses SEH Tables (/SAFESEH) (43 calculated 38 recorded... 3 invalid addresses) [!] * table may be compressed / encrypted * [File Heuristics] -> Flag #1 : 00000100000001001001000000000000 (0x04049000) [Entrypoint Section Entropy] : 6.67 (section #0) ".text " | Size : 0x21EBC (138940) byte(s) [DllCharacteristics] -> Flag : (0x8140) -> ASLR | DEP | TSA [SectionCount] 5 (0x5) | ImageSize 0x85000 (544768) byte(s) [Debug Info] (record 1 of 2) (file offset 0x2FA10) Characteristics : 0x0 | TimeDateStamp : 0x5C42DE39 (Sat 19th Jan 2019 08:22:17 (GMT)) | MajorVer : 0 / MinorVer : 0 -> (0.0) Type : 13 (0xD) -> Undocumented | Size : 0x314 (788) AddressOfRawData : 0x31168 | PointerToRawData : 0x30568 [Debug Info] (record 2 of 2) (file offset 0x2FA2C) Characteristics : 0x0 | TimeDateStamp : 0x5C42DE39 (Sat 19th Jan 2019 08:22:17 (GMT)) | MajorVer : 0 / MinorVer : 0 -> (0.0) Type : 14 (0xE) -> Undocumented | Size : 0x0 (0) AddressOfRawData : 0x0 | PointerToRawData : 0x0 [!] File appears to have no protection or is using an unknown protection - Scan Took : 9.204 Second(s) [000002644h (9796) tick(s)] [503 of 577 scan(s) done] Edited January 20, 2019 by Beast_Hunter 1 1 Link to comment
deepzero Posted January 19, 2019 Share Posted January 19, 2019 Depends on what Software/Protection detected it. Use protectionID to scan the binary and find it's protection. You should probably put a little more effort into your posts. 1 Link to comment
pwnium Posted January 19, 2019 Share Posted January 19, 2019 you can use RDG Packer Detector , this scanner can give you some extra informations , especially if there was an anti-Debugging technique for example : IsDebuggerPresent once you comfirm the software uses an api callled IsDebuggerPresent you can easily bypass it ! Link to comment
Insid3Code Posted January 19, 2019 Share Posted January 19, 2019 (edited) 13 hours ago, Beast_Hunter said: How To Fix Debugger Detected In x64dbg Picture Looks like Themida/Winlicense message box... Edited January 19, 2019 by Insid3Code Link to comment
Beast_Hunter Posted January 20, 2019 Author Share Posted January 20, 2019 On 1/19/2019 at 1:22 PM, deepzero said: Depends on what Software/Protection detected it. Use protectionID to scan the binary and find it's protection. You should probably put a little more effort into your posts. thanks bro and thanks alot for advice i am new here nice meeting you. Link to comment
Beast_Hunter Posted January 20, 2019 Author Share Posted January 20, 2019 23 hours ago, Rever7eR said: you can use RDG Packer Detector , this scanner can give you some extra informations , especially if there was an anti-Debugging technique for example : IsDebuggerPresent once you comfirm the software uses an api callled IsDebuggerPresent you can easily bypass it ! i found the api isdebuggerpresent and what should can i do? Link to comment
pwnium Posted January 20, 2019 Share Posted January 20, 2019 (edited) 4 hours ago, Beast_Hunter said: i found the api isdebuggerpresent and what should can i do? i don't know what you're trying to do , and am not good at unpacking put i know one thing if you want to bypass IsDebuggerPresent you can load the software to the debugger and go to EBX register => follow in dump and change the value from 1 to 0 or you can simply use a plugin to do this job someone correct me if am wrong Edited January 20, 2019 by Rever7eR Link to comment
deepzero Posted January 20, 2019 Share Posted January 20, 2019 Do you have ScyllaHide installed? https://github.com/x64dbg/ScyllaHide If yes, what's the configuration? Did you scan the software to identify the protection? Link to comment
Insid3Code Posted January 20, 2019 Share Posted January 20, 2019 On 1/19/2019 at 7:57 AM, Beast_Hunter said: Scanning -> C:\Users\Dell\Desktop\VNHAX_PUBGM.exe According to similar soft, the used protection is VMProtect... Link to comment
deepzero Posted January 21, 2019 Share Posted January 21, 2019 Good, finding that is the first step. Now you can google and search this board how to hide x64dbg+scyllahide from VMProtect. Link to comment
Beast_Hunter Posted January 21, 2019 Author Share Posted January 21, 2019 14 hours ago, deepzero said: Do you have ScyllaHide installed? https://github.com/x64dbg/ScyllaHide If yes, what's the configuration? Did you scan the software to identify the protection? yes i just installed the scyllahide and yes i scaned the software. Link to comment
Beast_Hunter Posted January 21, 2019 Author Share Posted January 21, 2019 12 hours ago, Insid3Code said: According to similar soft, the used protection is VMProtect... 14 hours ago, deepzero said: Do you have ScyllaHide installed? https://github.com/x64dbg/ScyllaHide If yes, what's the configuration? Did you scan the software to identify the protection? 15 hours ago, Rever7eR said: i don't know what you're trying to do , and am not good at unpacking put i know one thing if you want to bypass IsDebuggerPresent you can load the software to the debugger and go to EBX register => follow in dump and change the value from 1 to 0 or you can simply use a plugin to do this job someone correct me if am wrong On 1/19/2019 at 5:09 PM, Mad Max said: VMProtect. Every One Thanks Alot Now its Ruining In x69dbg. i am really thankfull to you will for helping me out. Link to comment
Croll Posted February 4, 2019 Share Posted February 4, 2019 On 1/21/2019 at 10:48 AM, Beast_Hunter said: Every One Thanks Alot Now its Ruining In x69dbg. i am really thankfull to you will for helping me out. 3 Are you going to share how you did it so we all benefit? Link to comment
Beast_Hunter Posted February 5, 2019 Author Share Posted February 5, 2019 i just install the plugin and i worked Link to comment
i51121 Posted February 19, 2019 Share Posted February 19, 2019 this is VMProtect , you can try sharpodx64 (https://forum.tuts4you.com/topic/39806-sharpod-x64-a_antidebug-plugin-support-for-x64dbg/) , ScyllaHide is no effect Link to comment
Beast_Hunter Posted February 19, 2019 Author Share Posted February 19, 2019 thanks bro 1 hour ago, i51121 said: this is VMProtect , you can try sharpodx64 (https://forum.tuts4you.com/topic/39806-sharpod-x64-a_antidebug-plugin-support-for-x64dbg/) , ScyllaHide is no effect Link to comment
Beast_Hunter Posted February 19, 2019 Author Share Posted February 19, 2019 can you give me the zip link because it removed Link to comment
deepzero Posted February 19, 2019 Share Posted February 19, 2019 Scroll down a bit, it's there. https://forum.tuts4you.com/topic/39806-sharpod-x64-a_antidebug-plugin-support-for-x64dbg/?do=findComment&comment=192291 Link to comment
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now