Exetools
Page 2 of 2 1 2
Show 40 post(s) from this thread on one page

Exetools (https://forum.exetools.com/index.php)
-   x64 OS (https://forum.exetools.com/forumdisplay.php?f=44)
-   -   x64 and anti-debugging (https://forum.exetools.com/showthread.php?t=12726)

Fyyre 02-10-2011 02:47
This code is intended to crash Ollydbg, or cause a silent exit ?

-Fyyre

Quote:
Originally Posted by arlequim (Post 71181)
I see you are really interested on this subject, here is a little tricks for OllyDbg 1.10:

Code:
;bye OllyDbg 1.10 :))
.data
byeolly qword -1
word 403Dh
.code
start:
fld tbyte ptr ds:[byeolly]
end start
Dunno if it works, let me know. Bye! ;)

arlequim 02-10-2011 06:29
Quote:
Originally Posted by Fyyre (Post 71405)
This code is intended to crash Ollydbg, or cause a silent exit ?

-Fyyre
Unfortunately i can't reply you atm, try yourself as it ain't dangerous code... ;)
If i gather other anti debug codes, i will post then on this thread, be sure. Bye!

Av0id 02-10-2011 13:13
Code:
fld tbyte ptr ds:[byeolly]
this bug is pretty old, strongod fix fpu-bug will fix it, also there're was patch for it

Evilcry 08-31-2011 14:27
Hi,

Searched on the forum to not duplicate post, last reference was on previous version, so here:

OllyDbg plugin Stealth64 1.3

Quote:
Anti Anti and compatibility plugin for Olly 1.10 running on Vista x64.

I made this little plugin to make unpacking on Vista x64 a bit more bearable ;)

It has most of the know anti-anti and makes an effort to make Olly behave like it should on regular x86 machines.
Next to this I implemented my own version of the OllyBone 'Break On Execute' making unpacking some simple packers a lot easier.

http://tuts4you.com/download.php?view.2425

Regards,
Evilcry

qkumba 11-15-2011 05:24
The FPU bug causes OllyDbg to crash when disassembling that part of the code.
It's caused by using the wrong mask, so the exception is not hidden.
Most of the patches don't fix the problem (just needs to change the mask) - they change the instruction or do other silly things.


All times are GMT +8. The time now is 16:56.
Page 2 of 2 1 2
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2026, vBulletin Solutions, Inc.
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX