Exetools  

  #2  
10-19-2019, 14:07
zeffy
I haven't looked at the entire source, but isn't using CRC32 to verify functions easy to bypass?

For example, https://www.nayuki.io/page/forcing-a-files-crc-to-any-value

Seems like it would be trivial to change the hooking procedure of ScyllaHide to use code like this to get the correct CRC with only 5 extra bytes of overhead (4 bytes of garbage after the jmp + 0xCC), and the CRC check could be circumvented.

I think it would be better to just do a direct byte comparison of the functions since they are being processed in their entirety to get the length already.
The Following 5 Users Say Thank You to zeffy For This Useful Post:
Abaddon (10-19-2019), chessgod101 (10-20-2019), Lueilwitz (10-19-2019), niculaita (10-19-2019), nimaarek (10-29-2019)
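
An added example, not part of zeffy's post or of the source code discussed in the thread: it tests a CRC32-only integrity check against the direct byte comparison the post recommends, using a buffer whose edit is compensated by four adjusted bytes. The buffer contents and all function names are constructed for illustration, and the SHA-256 variant is an addition for the case where storing a full clean copy is impractical.

```python
import hashlib
import zlib

def crc_check(baseline: bytes, current: bytes) -> bool:
    """Weak check: compares only the 32-bit CRC of the region."""
    return zlib.crc32(current) == zlib.crc32(baseline)

def byte_check(baseline: bytes, current: bytes) -> bool:
    """Direct byte comparison against a stored clean copy."""
    return current == baseline

def sha256_check(baseline_digest: bytes, current: bytes) -> bool:
    """Compact alternative when keeping a full clean copy is impractical."""
    return hashlib.sha256(current).digest() == baseline_digest

def same_crc_variant(data: bytes, offset: int, target: int) -> bytes:
    """Test helper: adjust the 4 bytes at `offset` so crc32(result) == target.
    CRC32 is affine over GF(2), so this is a 32x32 linear solve."""
    base = zlib.crc32(data)
    basis = {}  # highest set bit -> (CRC delta, combination of window bits)
    for i in range(32):
        probe = bytearray(data)
        probe[offset + i // 8] ^= 1 << (i % 8)
        vec, combo = zlib.crc32(probe) ^ base, 1 << i
        while vec and (vec.bit_length() - 1) in basis:
            bvec, bcombo = basis[vec.bit_length() - 1]
            vec, combo = vec ^ bvec, combo ^ bcombo
        if vec:
            basis[vec.bit_length() - 1] = (vec, combo)
    want, combo = base ^ target, 0
    while want:
        bvec, bcombo = basis[want.bit_length() - 1]
        want, combo = want ^ bvec, combo ^ bcombo
    out = bytearray(data)
    for k, b in enumerate(combo.to_bytes(4, "little")):
        out[offset + k] ^= b
    return bytes(out)

# Constructed placeholder bytes standing in for a checked function body.
ORIGINAL = bytes(range(0x40, 0x50))
# Constructed edit: first 5 bytes replaced, next 4 adjusted to restore the CRC.
EDITED = b"\xe9\x00\x00\x00\x00" + ORIGINAL[5:]
FORGED = same_crc_variant(EDITED, 5, zlib.crc32(ORIGINAL))

if __name__ == "__main__":
    print("crc_check   :", crc_check(ORIGINAL, FORGED))    # accepts the edit
    print("byte_check  :", byte_check(ORIGINAL, FORGED))   # rejects it
    print("sha256_check:", sha256_check(hashlib.sha256(ORIGINAL).digest(), FORGED))
```
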
 


All times are GMT +8.