#1
|
|||
|
|||
Debugger detected
Hello,
I am trying to use Ollydbg on Password keeper 6.6 but I will get an error and the program will terminate. “Please close debugger for program to run” Can any1 help? Thanks, H**p://www.gregorybraun.com/PassKeep.html |
#2
|
|||
|
|||
You need to hide the debugger. The HideDebugger plugin from Asterix works great, and it does work on this target.
The target apparently is Armadillo, according to PEiD. It pretty much sticks to reasonably named registry entries, but there are a few entries added to: HKLM\SOFTWARE\Licenses\ As far as dumping goes, I would look into writing an OllyScript. The latest version is quite awsome!!! Hope this helps. |
#3
|
|||
|
|||
Some more help, please
Thank you sgdt! I used the HideDebugger plugin from Asterix and I can run the prg with Olly. Can any1 give me a tip on you to find the magic number?
I looked all over the place but I don’t get anywhere Thanks, |
#4
|
|||
|
|||
Set a breakpoint on lstrcmp and you just might lucky (hopefully the number you entered will be compared to the true number).
Also, about your isdebuggerpresent, if it's an easy protection you can (in Olly), right click in the CPU window (after loading your program but not starting it), press 'Alt+E' then select 'kernel32.dll', and click 'View names', and type isdebuggerpresent, then double click the line you land on, when you get there press 'F2' to set a breakpoint, hit F9 to execute the program, once you land there press 'F8' until you see a '01' just below the CPU window and just above the hex dump view, when you see it select and right click that line and choose 'Follow in dump->Selected', highlight the 01 (in the hex dump view) and type 00 to change it from 01 to 00, this will disable the debugger check. Thought I'd tell you this to at least try something once before defeating the protection automatically. Last edited by Nilrem; 03-05-2004 at 15:52. |
#5
|
|||
|
|||
Thank you, but...
Hello
Thank you for your recommendations. Unfortunately, none of the break point is used, worked(Olly did not break). Please take a look and tell me if these are the one you referring too. I set BP on lstrcmpA, lstrcmpiA, lstrcmpW, and lstrcmpiW. Thanks for your help, |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
vmprotect v3 debugger detected | 1ST | General Discussion | 13 | 09-25-2018 23:28 |