Exetools  

  #106  
07-19-2021, 17:32
sendersu
I found this page to be very useful when porting old stuff into new v7.x

https://hex-rays.com/products/ida/support/ida74_idapython_no_bc695_porting_guide.shtml
  #107  
06-03-2023, 00:17
niculaita
How to bypass Debugger setected (E0033) by Sentinel protection in xdbg 32/64?
ScyllaHide profiles are not enough
__________________
Decode and Conquer
  #108  
06-03-2023, 03:45
sendersu
"selected" or "detected" ?
2) pls share your sample so reversers will have a chance to dig into
otherwise you have to find the magic ball
  #109  
06-03-2023, 04:31
deepzero
literally any scylla profile works for me, e.g. vmp
  #110  
06-04-2023, 01:09
niculaita
I mean in windows under 10 22H2 x32 x64 with x32dbg.exe
  #111  
06-04-2023, 16:14
sendersu
Have you tried other debuggers like Ollydbg (YES! it still works in w10/11 in 32 bits)
or Ida Pro?
  #112  
06-04-2023, 17:01
niculaita
ollydbg special custom in win 7 32 yes
windows 10 32 and 11 x64 no success

from log
2023.06.04 11:52:56 INFO: Loaded VA for NtUserBlockInput = 0x76CE4AE0
2023.06.04 11:52:56 INFO: Loaded VA for NtUserQueryWindow = 0x76CE1160
2023.06.04 11:52:56 INFO: Loaded VA for NtUserGetForegroundWindow = 0x76CE13F0
2023.06.04 11:52:56 INFO: Loaded VA for NtUserBuildHwndList = 0x76CE1220
2023.06.04 11:52:56 INFO: Loaded VA for NtUserFindWindowEx = 0x76CE16F0
2023.06.04 11:52:56 INFO: Loaded VA for NtUserGetClassName = 0x76CE17C0
2023.06.04 11:52:56 INFO: Loaded VA for NtUserInternalGetWindowText = 0x76CE1650
2023.06.04 11:52:56 INFO: Loaded VA for NtUserGetThreadState = 0x76CE1080

Can you send the folder of your debugger with cfg and ini files for plugin and other settings for x64/32dbg?
  #113  
06-04-2023, 19:40
sendersu
Debugger detected (E0033) by Sentinel protection LDK
uses some custom-made detection, this is not a single checkbox (or even set of checkboxes) from S.Hide

All times are GMT +8.