Thread: Weird behavior in a patched program
View Single Post
  #3  
Old 02-22-2022, 02:12
Stingered Stingered is offline
Friend
  
Join Date: Dec 2017
Posts: 257
Rept. Given: 0
Rept. Rcvd 2 Times in 2 Posts
Thanks Given: 297
Thanks Rcvd at 179 Times in 89 Posts
Stingered Reputation: 2
Not sure I've heard of this one happening before.

1. Use ScyllaHide plugin to see if you can hide the debugger and check behavior.
2. Set debugger exception ignore range to: 00000000-99999999
3. Disable System BP and Entry BP to see if behavior changes inside debugger.
4. Create a loader to perform patch in-memory.

Research links:

https://www.apriorit.com/dev-blog/367-anti-reverse-engineering-protection-techniques-to-use-before-releasing-software

https://anti-debug.checkpoint.com/
Last edited by Stingered; 02-22-2022 at 04:31.
Reply With Quote
The Following 2 Users Say Thank You to Stingered For This Useful Post:
Doit (02-23-2022), niculaita (02-22-2022)