Arma question (again...)

[hobgoblin]

I did run Olly without having the Memory Access Violation checked. After one F9 and two SHIFT F9's I end up here:

004978F4 F0:F2: LOCK PREFIX REPNE: ; LOCK prefix is not allowed
004978F6 F9 STC
004978F7 B0 F4 MOV AL,0F4
004978F9 B1 B0 MOV CL,0B0
004978FB B0 B0 MOV AL,0B0
004978FD B0 F0 MOV AL,0F0

Many packers and protectors checks the first bytes of the API functions to decide whether breakpoints, "INT3" (CCh), are placed.

Thefore, you could defeat the API detector by breaking at the next second or third instructions.

Not so easy... many protectors use disasm engine (like zombie's xde) and check more than 2-3 instructions.

[Kyrios]

Quote:

I did run Olly without having the Memory Access Violation checked. After one F9 and two SHIFT F9's I end up here:

Then u another Shift+F9 pressing till you meet the similar codes i type above. Because i set some custom exceptions in "Ignore also following custom exceptions or ranges".

kyrios

Quote:

Originally Posted by Kyrios

Then u another Shift+F9 pressing till you meet the similar codes i type above. Because i set some custom exceptions in "Ignore also following custom exceptions or ranges".

kyrios

completely agree

[hobgoblin]

Thanks for the input, but it doesn't work on my computer. when I hit Shift F9 once more I end up here:

0049F1B1 EC IN AL,DX ; I/O command
0049F1B2 8BF5 MOV ESI,EBP
0049F1B4 2031 AND BYTE PTR DS:[ECX],DH
0049F1B6 3132 XOR DWORD PTR DS:[EDX],ESI

If I push Shift F9 once more after this,the program terminates.

make sure you have all bp removed includeing hw bps.. Also just keep restarting the program over and over.. after a while i will run. I have seen this problem with a lot of arma apps.

BTW anyone that runs winxp sp2 does the hidedebugger plugin work for you?

Quote:

Originally Posted by hobgoblin

If I push Shift F9 once more after this,the program terminates.

try use Hide Debugger v1.0.1,must operate