Sometimes I've tried to attach OllyDbg to applications that have some protection against debuggers, but I have never coded any of these applications and did not see this protection in many applications... So it looks like it is not hard to bypass…
I am trying to grasp an anti-debugging trick used in this program. Upon attaching any debugger (x64dbg, VEH debugger) the software crashes after about 2 seconds.
x64dbg shows me that the following instruction causes an exception:
After stepping…
Recently I have found the article Using UPX as a Security Packer. Here, UPX is patched so that, after decompressing, it also restores some overwritten bytes. This way, if somebody decompresses the binary with upx -d in order to analyse it, they will obtain a…
By analyzing a piece of assembly code of a Trojan, I found a string "ZwQueryInformationThread". I assume that it is an anti-debugging technique because the process terminates after hitting that line.
But, I could not find any good explanation for…
I am trying to attach debug a program that has an "anti-debug" feature on it. When stepping through, it seems to step through a maze of call and jmp commands that eventually just loop around. The loop only happens when stepping line by line and I…
I launch a game process, then I suspend the process and restore the hooks in ntdll.dll, then I attach a debugger to the process and resume the process. Next I see the debugger catch the 0xC0000005 (access violation) exception on thread [DbgUiRemoteBreakin]…
The application I target has terribly annoying anti-debugging techniques. With x32dbg and ScyllaHide with the following configuration, the application exits immediately as soon as a breakpoint is hit, whether it is a software or hardware…
What is the reason behind the byte scission (the next immediate byte following "int 2d" is skipped) behaviour when executing INT 0x2D?
I came across this article http://www.drdobbs.com/monitoring-nt-debug-services/184416239 but still cannot…
I am interested in the following technique to detect if a debugger is attached or not.
http://spareclockcycles.org/2012/02/14/stack-necromancy-defeating-debuggers-by-raising-the-dead/
However I tried the examples and they don't seem to work.
Do the…
When trying to debug a program using x64dbg, at a specific step the following problem happens:
Does that mean that the program has an anti-debugger?
If not, why does that problem happen at a specific step when debugging the program?
I'm trying to RE Stardew Valley to write cheats for it. The problem is that when I trace the pointers for my health/energy/etc... back more than one level the game crashes. It probably has some kind of anti-debugging checks in it. I looked into it a…
I am trying to make things harder for someone to reverse my code.
I think that implementing a shellcode following this article could work for my case.
How can I access (or share) global variables in the shellcode I am loading?
I assume you can pass…