Exetools  

Go Back   Exetools > General > General Discussion
Reload this Page New Protector
Register Forum Rules FAQ Calendar Mark Forums Read

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 09-02-2003, 02:12
Lunar_Dust
 
Posts: n/a
I've found the anti-autodump stuff to be working pretty well, he creates a .tmp file which contains a value calculated from the API GetTickCount(), - then simply calls CreateProcess(). Looks like the new process looks for the file, gets tick count again possibly, and decides if it's being debugged. Anyways, it hurts a debugger because it basically switched processes. (or so it would seem )

It doesn't affect debugging however, except in the fact that you can't latch on to the new process like you wish you would.

Also, the program continues to readfile upon some file (don't know yet, haven't traced it). Once this readfile is in place, I notice all original program's data is now in memory and valid, even the OEP bytes are still intact.

Beatch is going down soon, I can emulate any call I want...hehe

-Lunar
Last edited by Lunar_Dust; 09-02-2003 at 03:20.
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Hybrid Mode Hybrid Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Best software protector: Themida or Enigma Protector? smartins General Discussion 13 04-27-2010 17:58
Has anyone seen this protector used yet? Nalpeiron Protector JCB General Discussion 0 10-02-2005 01:50


All times are GMT +8. The time now is 03:06.

Aaron's homepage - Top

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( Since 1998 )