#1
OllyDbg - invisible process
Hello Folks,
Sorry for asking a probably noob question. I am trying to debug an installer, but OllyDbg crashes when starting it from inside OllyDbg. So I tried to attach to the running process, but it's not in my list of processes to attach to. It seems invisible. Can you help me?
#2
What's the install maker?
Scan it with ProtectionID and put the output here. As for hiding among processes, maybe it's using SSDT hooks to hide itself, so take a look at the SSDT hooks. Have you tried to load it in Olly with StrongOD and Phantom?
#3
Quote:
#4
I think it's better that you unpack this installer with Universal Extractor, or another unpacker that you have. Sometimes more than two temporary folders are open in the Windows temp folder in Documents and Settings when you run any installer. Try this, maybe your question will be resolved.
Regards
#5
I think you have a password-protected installer, and because of that you want to debug it to reverse it and skip the password; otherwise I don't know why you want to debug an installer if it's not password protected.
#6
http://tuts4you.com/download.php?view.2028
http://tuts4you.com/download.php?view.1276
The Following User Gave Reputation+1 to N0P For This Useful Post: daujones (03-03-2013)
#7
Quote:
pic.png
With both OllyDbg plugins I still can't debug the process.
#8
@daujones send me the file via PM so I can look
#9
When this happens (your picture), look in the Windows temp folder in Documents and Settings (XP X86) while the setup.exe file is running; you will see the .msi installation package file or files for this app. Copy the file(s) to any folder (while the setup is running). Having done this, unpack the .msi file(s) with 7-Zip or any MSI unpacker. If you find files with the .cab extension in this .msi package, maybe you have a HASP or Sentinel protection file. If you find any password, you may be able to remove it using these apps (Wise Solutions, InstallShield 2010 Premier or Install Shield Password Finder tw).
Regards