olly & app crash

#1 08-13-2005, 03:35

just got one app to look at, and it crashes before loading in my olly.
(it's renamed version with no olly strings with hidedbg.)

so, can somebody give me a hint is there a new dillo or something, or is this something custom-made.

thanks.

codeX · #2 08-13-2005, 15:03

What's the packer? Consult PEiD..

or is it says 'nothing found'..

dj-siba · #3 08-13-2005, 15:50

maybe it use the TLS trick

taos · #4 08-13-2005, 23:55

there's other way to crash olly without TLS, I call it "SYSTEM_KERNEL_DEBUGGER_INFORMATION"
using ZwQuerySystemInformation.
Regards

#5 08-14-2005, 15:49

thanks guys, just wanted to know if these symptoms point to some commercial protection since i'm lagging behind alot.

anyway, i've got a hint it's an execryptor, so i'll take look since it will probably become very trendy

thanks again.

#6 08-14-2005, 23:29

optimus_prime
then install patch for olly(olly invisible),this must help under execryptor

#7 08-20-2005, 20:11

yeah, thanks, just had some spare time, so i fired up softice.

it's not an execryptor it's dna 3 from
http://www.softworkz.com/DNA3/
if anyone cares

NeOXOeN · #8 08-21-2005, 06:41

where can i read more about this trick you are all reffering too??
it "SYSTEM_KERNEL_DEBUGGER_INFORMATION"
or what TLS tricky??

bye NeO

#9 08-21-2005, 06:50

well in my case it's tls, don't know if it is well papered trick tho.

anyway there's nice plug on reversing.be NtGlobalFlag by stingduk/jm, that can help you catch it.

read what junemouse has to say:
http://www.exetools.com/forum/showthread.php?t=7363

codeX · #10 08-22-2005, 02:49

DNA? Haven't heard of it yet... Anyway seems a smart baby. Softworkz Pricing seems interesting..

@ taos : Any more info about the "SYSTEM_KERNEL_DEBUGGER_INFORMATION".

The NtGlobalFlag v 1.1 OllyDbg Plugin Attached.

Quote:

This Ollydbg plugin logs all debugstrings that are emitted by the windows loader and logs it in ollydbg log window. Functionality to break on TLS CALLBACKS as well as on Dll Init Routines has been added.

#11 08-22-2005, 04:03

I had the some problem on a app the reasen it crashed was that it was a .net file but I could´t see that cause it was protected.

conan981 · #12 06-10-2006, 00:03

i found another protection protected with DNA 3... AID4MAIL 1.86.
anyone has info about it? i heard it's really strong!

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Olly Crash when this simple app loaded...	kunam	General Discussion	6	10-10-2023 21:00
Installation of DriverStudio 3.2 causes System Crash	rcer	General Discussion	7	09-20-2009 09:25
Strange Crash in Armadilled Program	TmC	General Discussion	4	06-03-2006 21:08
Program crash	MAHMUT	General Discussion	22	03-03-2005 18:50