  #4  
10-12-2014, 07:48
mm10121991
Yes, Obsidium has a custom way to detect hwbp. If I remember well, it sets the hwbp to some specific location in the code to trigger the SEH, and the SEH will set some values in memory.
After returning from the SEH, those values will be tested to detect if hwbps were modified.

If you want to get near OEP on 4.x targets, you can use this script.
It worked on many targets, but I don't guarantee that it will always work.
Use a hidden Olly. No hwbp, and start it from the entry point.
Attached Files
File Type: txt ObsiduimOEP.txt (1.6 KB, 32 views)

Last edited by mm10121991; 10-12-2014 at 08:23.