@rm@d1ll0 debug bl0cker bye bye
Hi all,
I'm happy to publish the following result reached by
one of the biggest reversers in the current scene:
faina.
Every version of the packer available up to now
simply checks for the OpenMutex API before starting as
debugger process or debugged process respectively.
So, if you want to avoid the debug blocker feature
simply check the OpenMutex calls.
Obviously it works on EVERY Windows system.
And obviously it works well for targets that can run directly
without other protections (copymem etc.).
Hope this will help and will be improved (olly scripts etc.).
Cheers Z..