View Single Post
  #3  
Old 02-22-2022, 02:12
Stingered Stingered is offline
Friend
 
Join Date: Dec 2017
Posts: 186
Rept. Given: 0
Rept. Rcvd 1 Time in 1 Post
Thanks Given: 239
Thanks Rcvd at 135 Times in 64 Posts
Stingered Reputation: 2
Not sure I've heard of this one happening before.

1. Use ScyllaHide plugin to see if you can hide the debugger and check behavior.
2. Set debugger exception ignore range to: 00000000-99999999
3. Disable System BP and Entry BP to see if behavior changes inside debugger.
4. Create a loader to perform patch in-memory.

Research links:

https://www.apriorit.com/dev-blog/367-anti-reverse-engineering-protection-techniques-to-use-before-releasing-software

https://anti-debug.checkpoint.com/

Last edited by Stingered; 02-22-2022 at 04:31.
Reply With Quote
The Following 2 Users Say Thank You to Stingered For This Useful Post:
Doit (02-23-2022), niculaita (02-22-2022)