Exetools  

#1
01-08-2008, 05:39
ahmadmansoor
Hi my dear friend Newbie_Cracker:
About this protector, hiding your Olly is easy, hehehe... How? These are the tools:
If you use the normal (unpatched) version of Olly, all you have to do is:
Use just Olly Advanced 1.26 beta 12 with these options:
Anti-Debug: enable all except: kill anti-Attach
Get TickCount: counter+1
Debug bits: enable all
Then use HideToolz V2.1
and all will work.
Don't use any of HideOD or PhantOm; disable them all.
___________
But if you use the OllyIce version patched by Hacnho, you don't want to use HideToolz.
__________________________________________
Note: BP and HBP will not work; it will catch them. But I have a way to pass it;
wait for the next post or PM.
Ur best Friend AhmadMansoor

By the way, did you find the way to modify Olly 2.0 to enable the Plugins menu? I am working on it ...
__________________
Ur Best Friend Ahmadmansoor
Always My Best Friend: Aaron & JMI & ZeNiX
#2
01-08-2008, 08:14
Newbie_Cracker
Dear AhmadMansoor, my patched OllyDbg is hidden against the SD blacklist, like ACPU, ACPUASM... etc. So HideToolz is not needed. The StrongOD plugin works like HideToolz. But I had used them with no success.
SndDbg and hacnho OllyIce failed too.

The father process has no problem, but if I wanna bypass child creation (by moving 8 to eax at the end of the routine), the debugger will be detected.

On some targets, this procedure will work:
1- BP on CreateFileA, Alt+F9, CTRL+F9, move 8 into EAX, F9... and the debugger is detected!
Now CTRL+F2 and restart the target.
2- This time I just press F9 and the target will run inside OllyDbg (this worked on just one target, but did not work for others. I think because of minimum protection)

Why won't the child be created?
Because the temp files were created before and SD thinks the father has run this child process.

So it's not because of the single step breakpoint (I used HW BP for tracing too), but maybe because of a timing check.

The attached target is SD1.12, but too restive!

Maybe unpacking and reversing the loveboom unpacker is the last way!

PS: Olly 2.0 has no export needed for plugins, so they can't be run!
Attached Files
File Type: rar SDProtector1.12.Unpackme.rar (46.4 KB, 19 views)
__________________
In memory of UnREal RCE...
All times are GMT +8.