Tuts 4 You

Debugger Detected


Beast_Hunter

How To Fix Debugger Detected In x64dbg Picture

ProtectionID Scan

-=[ ProtectionID v0.6.7.0 OCTOBER]=-
(c) 2003-2015 CDKiLLER & TippeX
Build 31/10/15-14:35:10
Ready...
Scanning -> C:\Users\Dell\Desktop\VNHAX_PUBGM.exe
File Type : 32-Bit Exe (Subsystem : Win CUI / 3), Size : 531968 (081E00h) Byte(s) | Machine: 0x14C (I386)
Compilation TimeStamp : 0x5C42DE39 -> Sat 19th Jan 2019 08:22:17 (GMT)
[TimeStamp] 0x5C42DE39 -> Sat 19th Jan 2019 08:22:17 (GMT) | PE Header | - | Offset: 0x00000118 | VA: 0x00400118 | -
[TimeStamp] 0x5C42DE39 -> Sat 19th Jan 2019 08:22:17 (GMT) | DebugDirectory | - | Offset: 0x0002FA14 | VA: 0x00430614 | -
[TimeStamp] 0x5C42DE39 -> Sat 19th Jan 2019 08:22:17 (GMT) | DebugDirectory | - | Offset: 0x0002FA30 | VA: 0x00430630 | -
[!] Executable uses SEH Tables (/SAFESEH) (43 calculated 38 recorded... 3 invalid addresses) 
[!]    * table may be compressed / encrypted *
[File Heuristics] -> Flag #1 : 00000100000001001001000000000000 (0x04049000)
[Entrypoint Section Entropy] : 6.67 (section #0) ".text   " | Size : 0x21EBC (138940) byte(s)
[DllCharacteristics] -> Flag : (0x8140) -> ASLR | DEP | TSA
[SectionCount] 5 (0x5) | ImageSize 0x85000 (544768) byte(s)
[Debug Info] (record 1 of 2) (file offset 0x2FA10)
Characteristics : 0x0 | TimeDateStamp : 0x5C42DE39 (Sat 19th Jan 2019 08:22:17 (GMT)) | MajorVer : 0 / MinorVer : 0 -> (0.0)
Type : 13 (0xD) -> Undocumented | Size : 0x314 (788) 
AddressOfRawData : 0x31168 | PointerToRawData : 0x30568
[Debug Info] (record 2 of 2) (file offset 0x2FA2C)
Characteristics : 0x0 | TimeDateStamp : 0x5C42DE39 (Sat 19th Jan 2019 08:22:17 (GMT)) | MajorVer : 0 / MinorVer : 0 -> (0.0)
Type : 14 (0xE) -> Undocumented | Size : 0x0 (0) 
AddressOfRawData : 0x0 | PointerToRawData : 0x0
[!] File appears to have no protection or is using an unknown protection
- Scan Took : 9.204 Second(s) [000002644h (9796) tick(s)] [503 of 577 scan(s) done]
 

 

deepzero

Depends on what Software/Protection detected it. Use ProtectionID to scan the binary and find its protection. You should probably put a little more effort into your posts.

Mad Max

VMProtect.:^

Rever7eR

You can use RDG Packer Detector. This scanner can give you some extra information, especially if there was an anti-debugging technique,

for example: IsDebuggerPresent.

Once you confirm the software uses an API called IsDebuggerPresent, you can easily bypass it!

Insid3Code
13 hours ago, Beast_Hunter said:

How To Fix Debugger Detected In x64dbg Picture

Looks like Themida/Winlicense message box...

Beast_Hunter
On 1/19/2019 at 1:22 PM, deepzero said:

Depends on what Software/Protection detected it. Use ProtectionID to scan the binary and find its protection. You should probably put a little more effort into your posts.

Thanks bro, and thanks a lot for the advice. I am new here, nice meeting you.

Beast_Hunter
23 hours ago, Rever7eR said:

You can use RDG Packer Detector. This scanner can give you some extra information, especially if there was an anti-debugging technique,

for example: IsDebuggerPresent.

Once you confirm the software uses an API called IsDebuggerPresent, you can easily bypass it!

I found the API IsDebuggerPresent, and what should I do?

Rever7eR
4 hours ago, Beast_Hunter said:

I found the API IsDebuggerPresent, and what should I do?

I don't know what you're trying to do, and I'm not good at unpacking, but I know one thing:

if you want to bypass IsDebuggerPresent you can load the software into the debugger and go to the EBX register => follow in dump and change the value from 1 to 0,

or you can simply use a plugin to do this job :)

Someone correct me if I'm wrong.
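
Added example, not part of the post above and not code from any tool named in this thread: IsDebuggerPresent reports a single byte of the Process Environment Block, which is why a one-byte change silences that API while a protection that also inspects other state still sees the debugger. The 32-bit offsets are the documented PEB layout; the function names, the constructed buffer and the choice of NtGlobalFlag as the second indicator are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* 32-bit PEB offsets; the buffer is constructed, not read from a live process. */
#define PEB32_SIZE           0x70
#define PEB32_BEING_DEBUGGED 0x02 /* UCHAR BeingDebugged */
#define PEB32_NT_GLOBAL_FLAG 0x68 /* ULONG NtGlobalFlag  */
/* Heap-debug flags set when a process is started under a debugger (0x10|0x20|0x40). */
#define HEAP_DEBUG_FLAGS     0x70u
#define HIT_BEING_DEBUGGED   0x1
#define HIT_NT_GLOBAL_FLAG   0x2

/* Constructed sample: PEB state of a process launched from a debugger. */
void make_debugged_peb(uint8_t *peb)
{
    memset(peb, 0, PEB32_SIZE);
    peb[PEB32_BEING_DEBUGGED] = 1;
    peb[PEB32_NT_GLOBAL_FLAG] = HEAP_DEBUG_FLAGS; /* low byte, little-endian */
}

/* Equivalent of IsDebuggerPresent(): it returns PEB->BeingDebugged. */
int single_check(const uint8_t *peb)
{
    return peb[PEB32_BEING_DEBUGGED] != 0;
}

/* Hypothetical layered check: returns a bitmask of every indicator seen. */
int layered_check(const uint8_t *peb)
{
    const uint8_t *p = peb + PEB32_NT_GLOBAL_FLAG;
    uint32_t flags = (uint32_t)p[0] | (uint32_t)p[1] << 8 |
                     (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
    int hits = single_check(peb) ? HIT_BEING_DEBUGGED : 0;
    if (flags & HEAP_DEBUG_FLAGS)
        hits |= HIT_NT_GLOBAL_FLAG;
    return hits;
}

int main(void)
{
    uint8_t peb[PEB32_SIZE];
    make_debugged_peb(peb);
    printf("before: single=%d layered=0x%x\n", single_check(peb), layered_check(peb));
    peb[PEB32_BEING_DEBUGGED] = 0; /* the one-byte change described in the post */
    printf("after:  single=%d layered=0x%x\n", single_check(peb), layered_check(peb));
    return 0;
}
```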

deepzero

Do you have ScyllaHide installed? https://github.com/x64dbg/ScyllaHide

If yes, what's the configuration?

Did you scan the software to identify the protection?

Insid3Code
On 1/19/2019 at 7:57 AM, Beast_Hunter said:

Scanning -> C:\Users\Dell\Desktop\VNHAX_PUBGM.exe

According to similar soft, the used protection is VMProtect...

deepzero

Good, finding that is the first step. Now you can google and search this board how to hide x64dbg+ScyllaHide from VMProtect.

Beast_Hunter
14 hours ago, deepzero said:

Do you have ScyllaHide installed? https://github.com/x64dbg/ScyllaHide

If yes, what's the configuration?

Did you scan the software to identify the protection?

Yes, I just installed ScyllaHide, and yes, I scanned the software.

Beast_Hunter
12 hours ago, Insid3Code said:

According to similar soft, the used protection is VMProtect...

 

14 hours ago, deepzero said:

Do you have ScyllaHide installed? https://github.com/x64dbg/ScyllaHide

If yes, what's the configuration?

Did you scan the software to identify the protection?

 

15 hours ago, Rever7eR said:

I don't know what you're trying to do, and I'm not good at unpacking, but I know one thing:

if you want to bypass IsDebuggerPresent you can load the software into the debugger and go to the EBX register => follow in dump and change the value from 1 to 0,

or you can simply use a plugin to do this job :)

Someone correct me if I'm wrong.

 

On 1/19/2019 at 5:09 PM, Mad Max said:

VMProtect.:^

Everyone, thanks a lot. Now it's running in x64dbg. I am really thankful to you all for helping me out.

Croll
On 1/21/2019 at 10:48 AM, Beast_Hunter said:

Everyone, thanks a lot. Now it's running in x64dbg. I am really thankful to you all for helping me out.

Are you going to share how you did it so we all benefit?

Beast_Hunter

I am banned

Beast_Hunter

I just installed the plugin and it worked

i51121

This is VMProtect; you can try sharpodx64 (https://forum.tuts4you.com/topic/39806-sharpod-x64-a_antidebug-plugin-support-for-x64dbg/). ScyllaHide has no effect.

Beast_Hunter

thanks bro 

1 hour ago, i51121 said:

This is VMProtect; you can try sharpodx64 (https://forum.tuts4you.com/topic/39806-sharpod-x64-a_antidebug-plugin-support-for-x64dbg/). ScyllaHide has no effect.

 

Beast_Hunter

Can you give me the zip link, because it was removed?
