Exetools  

#3, 10-19-2019, 21:15
Lueilwitz
Quote:
Originally Posted by zeffy
I haven't looked at the entire source, but isn't using CRC32 to verify functions easy to bypass?

For example, https://www.nayuki.io/page/forcing-a-files-crc-to-any-value

Seems like it would be trivial to change the hooking procedure of ScyllaHide to use code like this to get the correct CRC with only 5 extra bytes of overhead (4 bytes of garbage after the jmp + 0xCC), and the CRC check could be circumvented.

I think it would be better to just do a direct byte comparison of the functions since they are being processed in their entirety to get the length already.

If you have free time, welcome to contribute!
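
The point raised in the quoted post, as an added example that is not part of the thread or of the library being discussed: CRC-32 is not tamper-resistant, so a modified code region can be given four compensating bytes that restore the stored CRC, while a direct byte comparison (or a cryptographic digest) still flags it. The buffers are constructed placeholder bytes, the function names are hypothetical, and the layout is simplified by putting the compensating bytes at the end of the region.

```python
import hashlib
import zlib

# Reflected CRC-32 table (polynomial 0xEDB88320), the variant zlib implements.
TABLE = []
for n in range(256):
    c = n
    for _ in range(8):
        c = (c >> 1) ^ 0xEDB88320 if c & 1 else c >> 1
    TABLE.append(c)
# Every table entry has a distinct top byte, so the top byte identifies it.
BY_TOP_BYTE = {v >> 24: i for i, v in enumerate(TABLE)}

def compensating_bytes(prefix: bytes, target_crc: int) -> bytes:
    """Four bytes that make crc32(prefix + result) equal target_crc."""
    reg = target_crc ^ 0xFFFFFFFF
    indices = []
    for _ in range(4):  # walk the CRC register backwards from the target
        i = BY_TOP_BYTE[reg >> 24]
        indices.append(i)
        reg = ((reg ^ TABLE[i]) << 8) & 0xFFFFFFFF
    reg = zlib.crc32(prefix) ^ 0xFFFFFFFF
    out = bytearray()
    for i in reversed(indices):  # replay forwards from the real register state
        out.append((reg ^ i) & 0xFF)
        reg = (reg >> 8) ^ TABLE[i]
    return bytes(out)

# Hypothetical integrity checks over a code region (names are assumptions).
def crc_check(reference: bytes, current: bytes) -> bool:
    return zlib.crc32(reference) == zlib.crc32(current)

def byte_check(reference: bytes, current: bytes) -> bool:
    return reference == current

def digest_check(reference: bytes, current: bytes) -> bool:
    return hashlib.sha256(reference).digest() == hashlib.sha256(current).digest()

# Constructed sample data: 16 placeholder bytes standing in for a function.
ORIGINAL = bytes(range(0x40, 0x50))
# Same length, first five bytes overwritten (E9 + zero displacement, constructed).
HEAD = b"\xE9\x00\x00\x00\x00" + ORIGINAL[5:12]
PATCHED = HEAD + compensating_bytes(HEAD, zlib.crc32(ORIGINAL))

if __name__ == "__main__":
    for name, check in (("crc32", crc_check), ("bytes", byte_check),
                        ("sha256", digest_check)):
        print(f"{name:7} accepts modified region: {check(ORIGINAL, PATCHED)}")
```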
All times are GMT +8.

