Not sure I've heard of this one happening before.
1. Use ScyllaHide plugin to see if you can hide the debugger and check behavior.
2. Set debugger exception ignore range to: 00000000-99999999
3. Disable System BP and Entry BP to see if behavior changes inside debugger.
4. Create a loader to perform patch in-memory.
Research links:
https://www.apriorit.com/dev-blog/367-anti-reverse-engineering-protection-techniques-to-use-before-releasing-software
https://anti-debug.checkpoint.com/
Last edited by Stingered; 02-22-2022 at 04:31.
|