I am really impressed (a very rare feeling for me) that someone bothered to explain the idea of the discussed contest. I did not really expect that. Thank you.
Unfortunately I will persist in my opinion (maybe because I rarely change it). I do not mean that you want to develop a protector; I am afraid that the work of enthusiastic hobbyists, like ExeTools members, may be used in some commercial project without their gratification. I have no right to judge the real intentions of this contest, but I believe you could achieve similar benefits (in the scientific meaning) to the ones you claim by posting a thread on the ExeTools and RCE message boards.
My personal note: OllyDbg is a really powerful tool. You are right in saying "OllyDbg is used more and more" but my small suggestion is: detection of OllyDbg as standalone software is not powerful. Moreover, any detection of a standalone product is weak because:
- you can always modify the product, even if you are not the author (the same goes for OllyDbg. I have my own customized version, not detectable so far),
- you can always modify the protection and find the check (I am suggesting that, in my humble opinion, debugger prevention should not be based on a single check but on a kind of specific code mixed within the protected code).
I am not an expert, but I would suggest a lower level (in the meaning of software architecture). There are many possibilities for killing/detecting all the debuggers (including those not made yet) based on the features of the OS and the x86 specification. With some invention you can build not only a powerful shield, unimaginably hard to defeat, but also a cross-platform anti-debug protection - stronger than the ones StarForce and XProtector have (using drivers for ring0 debuggers and exceptions for ring3 tools/debuggers is an outdated idea).
Anyway, I am still impressed with your answer being posted here. Congratulations for bracing up the courage and good luck in your work.
Regards,
dyn!o