#31
Quote:
ThunderPwr
#32
There is no need to upload it here.
I guess you have "Relayer's EXECryptor official CrackMe" in mind: hxxp://www.crackmes.de/users/relayer/execryptor_official_crackme/
#33
It looks like the only VERY VERY hard (level 8) crackme that didn't get cracked for 1,5 years.
#34
Execryptor's strongest part is morphing. This makes it hard to find the antidebug. But I think this crackme (execryptor) is using an int2e to kill Olly.
#35
Quote:
Could you perhaps explain a bit?
Peace
__________________
Even as darkness envelops and consumes us, wrapping around our personal worlds like the hand that grips around our necks and suffocates us, we must realize that life really is beautiful and the shadows of despair will scurry away like the fleeting roaches before the light.
#36
OK. Time to try the old search engine and enter:
"anti-debugger detection int 2e" and/or "int 2e and debugger detection" (without the quotes, of course) and see what you get! Or, gasp, you could try the search button here, and enter "int2e" (again without the quotes).
Regards,
__________________
JMI
#37
Quote:
Some time ago there was a file posted in this forum which was named DEBUG-ME. It was made by a member of Ar-Team (Teerayoot). He has used INT2EW in his Debug-Me. Just take a look at that file. Hope it helps you to understand.
Best Regards, Android.
Last edited by Android; 06-22-2005 at 22:55.
#38
version 1.1
OK, with that you can resolve all pointers of an exe, changing the code a little bit according to my comments and your will... Notepad packed in zip can be fully recovered with that script, and much more... that's it... All exceptions on Olly checked, and all list of exceptions also checked...
Last edited by KaGra; 07-11-2005 at 09:56.
#39
I wonder
I still cannot download, but it would be nice to know what packing options (morphing?) were used to pack that.
#40
well
No morphing... only basic packing all on in the unregistered version... But the script is for IAT only, in not morphed... It may work in morphed but I cannot pack any... don't have registered Execryptor to be sure what I pack and with what options...
#41
hehe
crackme cracked though gives enough ideas about the hardness of the stuff
#42
But EXECryptor is still not cracked )
#43
Question about the morphing, does it really matter?
Can you just make a DLL to inject which will scan the whole code section and dump it in 0x1000 blocks, like how Arma can be attacked? Does the morphed code depend on the protector (like CALL instructions into protector code, for example)?

BTW I like those ideas about patching CreateFile, but really you can debug CreateFile and do the same thing. Really, remember a debugger can use other things as breakpoints other than 0xCC. I have custom unpacker debugger code that uses other types of exceptions as its breakpoints... when an exception comes through, it checks its internal table to see if it belongs to the debugger or not.

Perhaps this could be an improvement for Olly in the future, to allow the user to set custom exception breakpoints. Really, in ring3 a debugger ownz azz over any program; it just has to hide itself well, and it can do this by debugging/emulating the instructions that the protector tries to use for detection.

-Lunar