Thread: How to defeat Password Reminder 1.6 ? (An unknown protector)
View Single Post
  #8  
Old 02-12-2005, 06:39
taos's Avatar
taos taos is offline
The Art Of Silence
  
Join Date: Aug 2004
Location: In front of my screen
Posts: 580
Rept. Given: 65
Rept. Rcvd 54 Times in 19 Posts
Thanks Given: 69
Thanks Rcvd at 137 Times in 36 Posts
taos Reputation: 54
Quote:
Originally Posted by newbie_cracker
[CODE]
Code:
004FBB7A    8038 CC         CMP BYTE PTR DS:[EAX],0CC
004FBB7D    74 0A            JE SHORT PASSWORD.004FBB89
This code "maybe" a BP detection because CC is the opcode of INT 3.
Quote:
Originally Posted by newbie_cracker
Is there a fixed address in memory which used by OllyDbg for storing breakpoint addresses? How SDProtector detects them?
AFAIK when you set a BP, Olly puts a CC to use its handler, so I think no memory is used to store it, only wait until INT 3.
If you're talking about Hardware BP, I think Olly stores its addresses in a local var, so no fixed address...Ummh!! I know that Registers DR0-DR3 are for debug breakpoints and curiously Olly only can set 4 Hardware BP .
The protection can read and compare this registers.
Maybe that uses a code-execute time detection too.

Regards
Last edited by taos; 02-12-2005 at 06:42.
Reply With Quote