#3
10-19-2019, 21:15
Lueilwitz
Quote: Originally Posted by zeffy
I haven't looked at the entire source, but isn't using CRC32 to verify functions easy to bypass?

For example, https://www.nayuki.io/page/forcing-a-files-crc-to-any-value

Seems like it would be trivial to change the hooking procedure of ScyllaHide to use code like this to get the correct CRC with only 5 extra bytes of overhead (4 bytes of garbage after the jmp + 0xCC), and the CRC check could be circumvented.

I think it would be better to just do a direct byte comparison of the functions, since they are being processed in their entirety to get the length already.
If you have free time, you're welcome to contribute!
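An added example (not from this thread or from ScyllaHide) that lets a maintainer confirm the weakness zeffy describes: CRC32 is linear over GF(2), so four trailing bytes are enough to give a modified buffer any 32-bit CRC, while the direct byte comparison proposed in the reply still detects the change. The function body bytes, the 5-byte patch and the helper names are constructed for the demonstration.

```python
import zlib

MASK = 0xFFFFFFFF

def _raw4(y: int) -> int:
    """CRC register after feeding the 4 little-endian bytes of y into a zero register."""
    return zlib.crc32(y.to_bytes(4, "little"), MASK) ^ MASK

# _raw4 is GF(2)-linear in y, so its image on each basis bit describes it fully.
_COLS = [_raw4(1 << i) for i in range(32)]

def _invert_raw4(target: int) -> int:
    """Solve _raw4(y) == target by XOR-basis elimination over GF(2)."""
    basis = {}  # pivot bit -> (reduced vector, XOR of basis bits that produced it)
    for i, vec in enumerate(_COLS):
        combo = 1 << i
        for p in range(31, -1, -1):
            if not (vec >> p) & 1:
                continue
            if p in basis:
                vec ^= basis[p][0]
                combo ^= basis[p][1]
            else:
                basis[p] = (vec, combo)
                break
    y = 0
    for p in range(31, -1, -1):
        if (target >> p) & 1:
            target ^= basis[p][0]
            y ^= basis[p][1]
    return y

def pad_to_crc(data: bytes, target: int) -> bytes:
    """Four trailing bytes t such that zlib.crc32(data + t) == target."""
    reg = zlib.crc32(data) ^ MASK  # CRC register state after `data`
    # Feeding x with register reg equals feeding (x XOR reg bytes) into a zero register.
    return (_invert_raw4(target ^ MASK) ^ reg).to_bytes(4, "little")

def crc_check(expected_crc: int, body: bytes) -> bool:
    return zlib.crc32(body) == expected_crc

def byte_check(expected: bytes, body: bytes) -> bool:
    return body == expected

# Constructed stand-in for a function body whose checksum was recorded at start-up.
ORIGINAL = bytes.fromhex("4c8bdc4883ec28488b01ff5010eb0ac3909090")
EXPECTED_CRC = zlib.crc32(ORIGINAL)

def hooked_body() -> bytes:
    """ORIGINAL with a constructed 5-byte patch in front and its last 4 bytes fixed up."""
    patched = bytes.fromhex("e900000000") + ORIGINAL[5:-4]
    return patched + pad_to_crc(patched, EXPECTED_CRC)

def demo() -> tuple:
    """(crc_passes, bytes_pass) for the hooked body: CRC accepts it, byte compare does not."""
    body = hooked_body()
    return crc_check(EXPECTED_CRC, body), byte_check(ORIGINAL, body)
```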