On 3/24/2024 at 4:41 PM, windowbase said:

@X0rby Just showing off?

I didn't change anything, just my usual dbg settings...

Edited March 25, 20241 yr by X0rby

1 hour ago, windowbase said:

Just showing off?

Regards.

sean.

With simple tricks, everyone can bypass the Anti-Debug of this target without loading the kernel-driver. If no one is willing to share this method, I will make it public. 

Spoiler

 

6 minutes ago, boot said:

With simple tricks, everyone can bypass the Anti-Debug of this target without loading the kernel-driver. If no one is willing to share this method, I will make it public. 

  Hide contents

 

 

@boot ASAP.

Regards.

sean.

15 hours ago, boot said:

With simple tricks, everyone can bypass the Anti-Debug of this target without loading the kernel-driver. If no one is willing to share this method, I will make it public. 

  Hide contents

 

 

Please try that with the 2 targets i shared 

3 minutes ago, RADIOX said:

Please try that with the 2 targets i shared 

one target silently crashes even without any debugger being  used

steps to run it?

2 hours ago, jackyjask said:

silently crashes

I'll do a short video the 2 apps running fin without using a debugger 

@bootbro did you tried solving titan hide driver's blu screen issue?

Regards.

12 minutes ago, Oliver said:

@bootbro did you tried solving titan hide driver's blu screen issue?

Regards.

 

 

Regards.

sean.

14 hours ago, Oliver said:

Did you tried solving titan hide driver's blu screen issue?

I have tried to add Etw Hook's source code to the source code of TitanHide.sys, but it was not effective and I am not considering it for now. I will release newly compiled plugins and drivers, using methods to bypass signatures. They will not need to disable signatures and can be loaded in normal mode.

Wow superb @boot ,what the great jobs you are doing for us bro.

Much  appreciated.

Best of luck.

Thank you very much.

Edited March 26, 20241 yr by Oliver

4 hours ago, boot said:

Not need to disable signatures and can be loaded in normal mode...

In theory, it is feasible, but it is unknown whether it will be effective in the new version of Windows OS.

Spoiler

Refer to these two links for usage:

• https://forum.tuts4you.com/topic/41774-pass-debugger-check-in-vmprotect-2x/page/2/#comment-219832
• https://forum.tuts4you.com/topic/41774-pass-debugger-check-in-vmprotect-2x/page/2/#comment-219837

MyDrv_Plugin_v0.004.zip

@bootbro i have a question ,when we start titan hide drivers then we can easily debug the latest vmp protected file like putting breakpoints and stepping but when we attach same file to the debugger and after putting  breakpoint click on the button why  program auto closes?