Exetools


optimus_prime 08-13-2005 03:35

olly & app crash
 
just got one app to look at, and it crashes before loading in my olly.
(it's a renamed version with no olly strings, with hidedbg.)

so, can somebody give me a hint is there a new dillo or something, or is this something custom-made.

thanks.

codeX 08-13-2005 15:03

What's the packer? Consult PEiD.. :) or does it say 'nothing found'..

dj-siba 08-13-2005 15:50

maybe it uses the TLS trick

taos 08-13-2005 23:55

there's another way to crash olly without TLS, I call it "SYSTEM_KERNEL_DEBUGGER_INFORMATION"
using ZwQuerySystemInformation.
Regards

optimus_prime 08-14-2005 15:49

thanks guys, just wanted to know if these symptoms point to some commercial protection since i'm lagging behind a lot.

anyway, i've got a hint it's an execryptor, so i'll take a look since it will probably become very trendy :) thanks again.

WerEsT 08-14-2005 23:29

optimus_prime
then install the patch for olly (olly invisible), this must help under execryptor

optimus_prime 08-20-2005 20:11

yeah, thanks, just had some spare time, so i fired up softice.

it's not an execryptor, it's dna 3 from
http://www.softworkz.com/DNA3/
if anyone cares :)

NeOXOeN 08-21-2005 06:41

where can i read more about this trick you are all referring to??
it "SYSTEM_KERNEL_DEBUGGER_INFORMATION"
or what TLS trick??


bye NeO

optimus_prime 08-21-2005 06:50

well in my case it's tls, don't know if it is a well papered trick tho.

anyway there's nice plug on reversing.be NtGlobalFlag by stingduk/jm, that can help you catch it.

read what junemouse has to say:
http://www.exetools.com/forum/showthread.php?t=7363

:)

codeX 08-22-2005 02:49

DNA? Haven't heard of it yet... Anyway seems a smart baby. Softworkz Pricing seems interesting..

@ taos : Any more info about the "SYSTEM_KERNEL_DEBUGGER_INFORMATION"?

The NtGlobalFlag v 1.1 OllyDbg Plugin Attached.

Quote:

This Ollydbg plugin logs all debugstrings that are emitted by the windows loader and logs it in ollydbg log window. Functionality to break on TLS CALLBACKS as well as on Dll Init Routines has been added.
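
TLS callbacks, which several posts in this thread point to, run before a program's entry point, so it helps to know whether a sample declares any before loading it in a debugger. The Python below is an added example, not part of the thread or the attached plugin: it statically lists the TLS callback addresses a PE file declares. `tls_callbacks` and `build_sample` are hypothetical names, and the sample image is constructed for the demonstration.

```python
import struct

def tls_callbacks(pe: bytes) -> list:
    """Return the VAs of TLS callbacks declared in a PE file ([] if none)."""
    nt, = struct.unpack_from("<I", pe, 0x3C)                 # e_lfanew
    if pe[:2] != b"MZ" or pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsect, opt_size = struct.unpack_from("<H12xH", pe, nt + 6)
    opt = nt + 24
    is64 = struct.unpack_from("<H", pe, opt)[0] == 0x20B     # PE32+ magic
    ptr, psz = ("<Q", 8) if is64 else ("<I", 4)
    image_base, = struct.unpack_from(ptr, pe, opt + (24 if is64 else 28))
    dirs = opt + (112 if is64 else 96)                       # data directory array
    ndirs, = struct.unpack_from("<I", pe, dirs - 4)          # NumberOfRvaAndSizes
    tls_rva = struct.unpack_from("<I", pe, dirs + 8 * 9)[0] if ndirs > 9 else 0
    if tls_rva == 0:                                         # directory index 9 empty
        return []
    sects = [struct.unpack_from("<IIII", pe, opt + opt_size + 40 * i + 8)
             for i in range(nsect)]

    def off(rva):                                            # RVA -> file offset
        for vsize, va, rsize, raw in sects:
            if va <= rva < va + max(vsize, rsize):
                return raw + rva - va
        raise ValueError(f"RVA {rva:#x} is outside every section")

    cb_va, = struct.unpack_from(ptr, pe, off(tls_rva) + 3 * psz)  # AddressOfCallBacks
    found, pos = [], off(cb_va - image_base) if cb_va else None
    while pos is not None and pos + psz <= len(pe):
        va, = struct.unpack_from(ptr, pe, pos)
        if va == 0:                                          # null-terminated array
            break
        found.append(va)
        pos += psz
    return found

def build_sample() -> bytes:
    """Constructed minimal PE32 (not a real binary) declaring two TLS callbacks."""
    base, nt, opt, img = 0x400000, 0x40, 0x58, bytearray(0x400)
    struct.pack_into("<2s58xI4s", img, 0, b"MZ", nt, b"PE\0\0")
    struct.pack_into("<HH12xH", img, nt + 4, 0x14C, 1, 224)  # one section
    struct.pack_into("<H26xI", img, opt, 0x10B, base)        # PE32 magic, ImageBase
    struct.pack_into("<I72xII", img, opt + 92, 16, 0x1000, 24)   # TLS dir entry
    struct.pack_into("<8sIIII", img, opt + 224, b".tls", 0x200, 0x1000, 0x200, 0x200)
    # AddressOfCallBacks at 0x20C, then the callback array itself at 0x220
    struct.pack_into("<I16xIII", img, 0x20C, base + 0x1020, base + 0x1100, base + 0x1180, 0)
    return bytes(img)

if __name__ == "__main__":
    print([hex(va) for va in tls_callbacks(build_sample())])
```

This is a static read of the file on disk, so it reports only what the TLS directory declares there.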

al-kaiser 08-22-2005 04:03

I had the same problem on an app; the reason it crashed was that it was a .net file, but I couldn't see that because it was protected.

conan981 06-10-2006 00:03

i found another protection protected with DNA 3... AID4MAIL 1.86.
anyone has info about it? i heard it's really strong!

