Jump to content
Tuts 4 You

Pass Debugger Check in VMprotect 2.x

mojtaba

By mojtaba
in Malware Reverse Engineering

 Share

Recommended Posts

X0rby

X0rby

Posted
Posted (edited)
On 3/24/2024 at 4:41 PM, windowbase said:

@X0rby Just showing off?

I didn't change anything, just my usual dbg settings...

Edited by X0rby
  • Like 1
Link to comment
Share on other sites
  • Replies 86
  • Created
  • Last Reply

Top Posters In This Topic

  • Sean Park - Lovejoy

    36

  • boot

    16

  • jackyjask

    8

  • X0rby

    7

Popular Days

Top Posters In This Topic

Popular Days

Popular Posts

jackyjask
jackyjask

Just old good professional grade Ollydbg v2  + ScyllaHide, no any dangerous driver based titan hiders Before Be   After   Scylla Hide plugin:

X0rby
X0rby

@windowbasedon't use titanhide on your main system.

X0rby
X0rby

Even if you do everything correctly it can crush your system and give you a blue screen, not that only but as I already told you in the past you MUST create a VM dedicated only to RCE, not your main e

Posted Images

boot

boot

Posted
Posted
1 hour ago, windowbase said:

Just showing off?

Regards.

sean.

With simple tricks, everyone can bypass the Anti-Debug of this target without loading the kernel-driver. If no one is willing to share this method, I will make it public. :)

Spoiler

 

  • Like 2
Link to comment
Share on other sites
jackyjask

jackyjask

Posted
Posted
3 minutes ago, RADIOX said:

Please try that with the 2 targets i shared 

one target silently crashes even without any debugger being  used

steps to run it?

Link to comment
Share on other sites
RADIOX

RADIOX

Posted
Posted
2 hours ago, jackyjask said:

silently crashes

I'll do a short video the 2 apps running fin without using a debugger 

Link to comment
Share on other sites
Sean Park - Lovejoy

Sean Park - Lovejoy

Posted
Posted
12 minutes ago, Oliver said:

@bootbro did you tried solving titan hide driver's blu screen issue?

Regards.

 

 

Regards.

sean.

Link to comment
Share on other sites
boot

boot

Posted
Posted
14 hours ago, Oliver said:

Did you tried solving titan hide driver's blu screen issue?

I have tried to add Etw Hook's source code to the source code of TitanHide.sys, but it was not effective and I am not considering it for now. I will release newly compiled plugins and drivers, using methods to bypass signatures. They will not need to disable signatures and can be loaded in normal mode.

  • Like 2
Link to comment
Share on other sites
Oliver

Oliver

Posted
Posted (edited)

Wow superb @boot ,what the great jobs you are doing for us bro.

Much  appreciated.

Best of luck.

Thank you very much.

Edited by Oliver
  • Like 1
Link to comment
Share on other sites
boot

boot

Posted
Posted
4 hours ago, boot said:

Not need to disable signatures and can be loaded in normal mode...

In theory, it is feasible, but it is unknown whether it will be effective in the new version of Windows OS.

Spoiler

Refer to these two links for usage:

MyDrv_Plugin_v0.004.zip

  • Like 2
Link to comment
Share on other sites
Oliver

Oliver

Posted
Posted

@bootbro i have a question ,when we start titan hide drivers then we can easily debug the latest vmp protected file like putting breakpoints and stepping but when we attach same file to the debugger and after putting  breakpoint click on the button why  program auto closes?

 

 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...