SVKP, Armadillo or SDProtector

Ricardo

Quote:

if you look the api GetTickCount the program take the time, but in a moment compare the time witha previous time and decide if create the second process or not.
In this form altering only one jump or playing with the times you can run in one single process mode and the unpack is very easy.

armadillo is very more difficult obviously.

Have you ever tried the lastest version - SDProtector 1.16? It's not so easy as you said; soft defender is just a very old version of SDProtector, it seems the author has already switched to SDProtector and given up soft defender.

Quote:

Originally Posted by iwill

Have you ever tried the lastest version - SDProtector 1.16? It's not so easy as you said; soft defender is just a very old version of SDProtector, it seems the author has already switched to SDProtector and given up soft defender.

Very interesting, can you provide setup or sample?

[ricnar456]

than is based in old softdefender and with non registered version but i think the idea for make one only single process is the same in sdpro, i don't know if all is exactly in the last version and when i look i add the newer additions but i think the idea can help others here the tuts of softdefender.



Ricardo Narvaja

SDProtector isn't hard.

It has a funny way to jmp to entry point, which i call a kind of domino..

The anti debugging isn't really hard to bypass. The threads used to detect
Debuggers, dumpers , and IAT recoverer are easy to disable because of a bad vulnerability in the implementation.

The IAT redirection is simple as shit. you just need to write a simple Imprec plugin and its gone.. Beside, i have noticed that it will sometimes change his
redirection, i don't even bother to re write the plugin.. i just close the app, and try again

The only fun part is the jmp to oep, which i have already seen in some custom protection.

to me : Armadillo
SDProtector
SVKP

Bye.