10-18-2017, 17:59
dummys
Themida/WinLicense latest version information

Hi guys,

I'm trying to be able to debug an application that runs only on Windows 10 and is packed by Themida. In fact, it's not the main exe file which is packed, it's a DLL that afterwards adds a lot of new sections to the exe, it seems. I can attach to it using ScyllaHide, but when running a secure function inside the binary, my debugger seems to get trapped and the application crashes. I was trying to launch the application directly from the debugger, but even with all ScyllaHide anti-debug options activated, it seems that Themida still finds that I'm debugging it. I tried to hook NtSetInformationThread using Frida in order to block the ThreadHideFromDebugger flag, without success. I've also tried using API Monitor, with the context switch attach. I'm searching for information about some of the protections that this protector can use. Or if you have an idea how to detect or search which protection it is using. Thanks