#31
First of all win2k3 is not supported at all! Maybe it's working but absolutely no guarantee. See readme.txt...
#32
I've a test code for this and it's relevant only in some rare circumstances. The user mode debugger can be detected only if a kernel mode debugger is installed, running and the program debugged under the user mode debugger. I've never seen this protection in any protector but I can implement it in no time. This will be done in the next release...
#33
@sendersu: If you want win2k3 support do the steps in the attached file.
#34
@ferrit.rce
Info carefully collected & sent by PM pls review
#35
Quote:
It's not a reliable detection method.
#36
Great job as always!
#37
New v1.7 is out. Changes:
Code:
13.01.2014 - Ini file handling reimplemented (OllyDbg dependency reduction)
12.01.2014 - OS detection is completely rewritten because on 8.1 GetVersionEx is deprecated
12.01.2014 - XED library added as JIT compiler (OllyDbg dependency reduction)
           - Centralized debugger dependent functionalities
08.01.2014 - Windows 8 support
           - Windows 8.1 support
07.01.2014 - Windows Server 2012 support
06.01.2014 - ProcessDebugObjectHandle and DebugProcessFlags were mixed up in the GUI :)
05.01.2014 - Windows Server 2008 R2 support
           - Windows Server 2012 R2 support
02.01.2014 - Target process memory read and write fix
12.12.2013 - Windows Server 2003 R2 support
08.12.2013 - NtSystemDebugControl
#38
New v1.71 is out to solve some annoying problems. Changes:
Code:
09.02.2014 - No active debuggee in case of protection changes fix
           - Closehandle hook moved to NtClose
           - Lot of internal changes
#39
Quote:
My OS: Win 8.1 x 64
#40
OK, I'll fix it ASAP...
#41
@ferrit.rce: how do you use XED library? Would it be possible to share a little source snippet, I'm still looking for an assembler for x64_dbg.
Greetings
#43
Hi, I'm trying to run it (VMProtect) under Olly2 without being detected:
http://www12.zippyshare.com/v/82220150/file.html
I've read this thread from the top and tried a set of parameters you've mentioned earlier as well as all the OllyExt options enabled, but it still detects the existence of Olly2. I'm using Win7 x64 and the latest Olly2 and OllyExt (and no other plugins). Olly2's SFX features are all disabled and all exceptions are ignored. Any help would be much appreciated!
Last edited by softgate; 02-12-2014 at 01:14. Reason: mentioned VMP and Olly2 exception settings
#44
Quote:
Thanks
#45
@ahmadmansoor: Somewhere these days I will start working on an open source asm parser for the XED library. I will add you to the repo when this project is started.
Greetings