Debug Me 0.1 (Another debugging protection)

dyn!o // You're definitely right.
I didn't intend to offend you. I'm sorry if you felt like that.
What I tried to mean is it would be better if there's an external link or something like that, so that other guys could download and take a look.
(assuming that file is for less skilled people)

[Teerayoot]

I know all protection can be feated all ,but time in defeating is not same some too much some too fast cracked it.


New version i got idea from armadilo about encrypt some code before execute then decrypt it again and also protect some importance byte code but it's very simple encryption in my debug me.
And another is memory patch checking it will replace with org byte when it modified .
0.2 i pack with PE compact ,i think it will not hard to unpack let enjoy

FOr noobie cracker only

[MaRKuS-DJM]

unfucked but i really like this way of protection...

[JMI]

MaRKuS-DJM you are definately NOT "less skilled." And I hope your took my comments in the spirit of gentle ribbing in which they were intended.

A "challenge" is often hard for the competitive spirit to resist accepting, and a competitive spirit usually enjoys demonstrating that they have defeated the "challenge" and particularly if they can demonstrate that they have arrived at the finish line "first." There is nothing "wrong" with that concept and it is encouraged in most societies.

Sometimes, however, the really successful competitor can advance to the point where they come to enjoy more the encouragement of others to sharpen their competitive skills and in such games of skill they tend only to offer "hints," rather than "solutions." This form of encouragement is highly valued and, in truth, more useful than being the "first' to find a solution, because it represents a sharing of knowledge and the passing on of such knowledge to the next group, who, ultimately, will need to pass it on, and so on and so on.

So take my comments as a compliment that I judge your "skill set" to be in that group "from whom" others can benefit and that as a mentor of "less skilled" you simply need to understand that the true value is not is giving the answer, but in teaching others how to find their own.

Regards,

[MaRKuS-DJM]

to your post... very well & wise said but also from answers you can learn if you study them... earlier, when i started cracking, i looked at the differences... before patching, after patching. in this time i wasn't able to unpack any packer, this was really interesting what was done... why did a cracker that steps. and after that period, i figured out how to find my own solutions for everything. so much different ways to patch.

to be on the way you said... this target doesn't use a API to kill your olly. it has a way of anti-debug i never saw in other targets.

[JMI]

Your comments that comparison of solutions are very helpful is certainly correct. The only point I am suggesting is that if a solution is released too early, it does tend to cut down on efforts of others to find their "own" solution. That result is not "caused" by your posting of a solution, but by the nature of some to stop their own efforts when anyone gives them a solution.

Regards,

[Michel]

@JMI : You seem to be a very fine "mind-unwrapper" ! nice !

[MaRKuS-DJM]

do you think so? but i think if you really want to learn how to do it you will do it... and following the steps done in this solution is also own effort

[NeOXOeN]

i think what Teerayoot did its very nice.. putting out exe and source so everyone cal learn from it ...there should be more ppl like him
Since now days not a lot of ppl are contributing to scene or reversing ..especially with their ideas and all .. A lot of good work stays priv.. and poor and more or less crap is comming out...


So i am glad something nice came out for a change


bye NeO

IMHO, very easy protection . The method of redirecting to OEP is old as my grandma - JMP EAX. As soon as it have been located, put there Hardware BP, step into and you are on OEP .

[MaRKuS-DJM]

marcoden, what you did is unpacking the PeCompact. the goal is to remove the anti-debug protection

[Michel]

Thanks Teerayoot, I propose this solution but I am not sure it's you are waiting for