Exetools  

Go Back   Exetools > General > General Discussion
Reload this Page Debugger detected
Register Forum Rules FAQ Calendar

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 03-04-2004, 10:40
StilLearning
 
Posts: n/a
Unhappy Debugger detected
Hello,
I am trying to use Ollydbg on Password keeper 6.6 but I will get an error and the program will terminate. “Please close debugger for program to run”
Can any1 help?
Thanks,


H**p://www.gregorybraun.com/PassKeep.html
Reply With Quote
  #2  
Old 03-04-2004, 11:19
sgdt
 
Posts: n/a
You need to hide the debugger. The HideDebugger plugin from Asterix works great, and it does work on this target.

The target apparently is Armadillo, according to PEiD. It pretty much sticks to reasonably named registry entries, but there are a few entries added to:

HKLM\SOFTWARE\Licenses\

As far as dumping goes, I would look into writing an OllyScript. The latest version is quite awsome!!!

Hope this helps.
Reply With Quote
  #3  
Old 03-05-2004, 08:48
StilLearning
 
Posts: n/a
Unhappy Some more help, please
Thank you sgdt! I used the HideDebugger plugin from Asterix and I can run the prg with Olly. Can any1 give me a tip on you to find the magic number?
I looked all over the place but I don’t get anywhere
Thanks,
Reply With Quote
  #4  
Old 03-05-2004, 15:42
Nilrem
 
Posts: n/a
Set a breakpoint on lstrcmp and you just might lucky (hopefully the number you entered will be compared to the true number).

Also, about your isdebuggerpresent, if it's an easy protection you can (in Olly), right click in the CPU window (after loading your program but not starting it), press 'Alt+E' then select 'kernel32.dll', and click 'View names', and type isdebuggerpresent, then double click the line you land on, when you get there press 'F2' to set a breakpoint, hit F9 to execute the program, once you land there press 'F8' until you see a '01' just below the CPU window and just above the hex dump view, when you see it select and right click that line and choose 'Follow in dump->Selected', highlight the 01 (in the hex dump view) and type 00 to change it from 01 to 00, this will disable the debugger check.

Thought I'd tell you this to at least try something once before defeating the protection automatically.
Last edited by Nilrem; 03-05-2004 at 15:52.
Reply With Quote
  #5  
Old 03-06-2004, 08:32
StilLearning
 
Posts: n/a
Unhappy Thank you, but...
Hello
Thank you for your recommendations. Unfortunately, none of the break point is used, worked(Olly did not break). Please take a look and tell me if these are the one you referring too.
I set BP on lstrcmpA, lstrcmpiA, lstrcmpW, and lstrcmpiW.
Thanks for your help,
Attached Images
File Type: jpg olly.jpg (127.2 KB, 35 views)
Reply With Quote
Reply

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
vmprotect v3 debugger detected 1ST General Discussion 13 09-25-2018 23:28


All times are GMT +8. The time now is 11:45.

Aaron's homepage - Top

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( 1998 - 2024 )