Debug Me 0.1 (Another debugging protection)

[MaRKuS-DJM]

to your post... very well & wise said but also from answers you can learn if you study them... earlier, when i started cracking, i looked at the differences... before patching, after patching. in this time i wasn't able to unpack any packer, this was really interesting what was done... why did a cracker that steps. and after that period, i figured out how to find my own solutions for everything. so much different ways to patch.

to be on the way you said... this target doesn't use a API to kill your olly. it has a way of anti-debug i never saw in other targets.

[JMI]

Your comments that comparison of solutions are very helpful is certainly correct. The only point I am suggesting is that if a solution is released too early, it does tend to cut down on efforts of others to find their "own" solution. That result is not "caused" by your posting of a solution, but by the nature of some to stop their own efforts when anyone gives them a solution.

Regards,

[Michel]

@JMI : You seem to be a very fine "mind-unwrapper" ! nice !

[MaRKuS-DJM]

do you think so? but i think if you really want to learn how to do it you will do it... and following the steps done in this solution is also own effort

[JMI]

But are you taking into full account the tendency of many to "settle" for the easy way out?? They may "want to do it," but just how hard are they willing to work at it themselves, especially if the going gets slow and they have little patience for a lack of "instant gratification." There are certainly many who are equally determined to "do it on their own" who would not want to look at someone else's solution until they had exhausted their own efforts and, hopefully, reached a solution on their own.

However, consider that it is often those who are not sufficiently skilled who discover a "new" way to accomplish the solution, simply because those more "trained" tend to think there is a "correct" way to do something, and the "less skilled" simply don't know that one is not "supposed" to be able to do it the way they finally figured out how to accomplish the task.

So, I simply suggest that "hints" and "nudges" are of more assistance to such individuals at this early stage in their development. Asking them to exercise their brain with "original" though is usually of more benefit in the learning process, than asking them simply to analyze someone else��s solution to the problem. But clearly this also can be of great benefit, when one's own thought have seemed to hit a dead end or lack of inspiration. I don��t think we are really disagreeing on anything.

Regards,

Hi,
There is a command
INT 2E
If I'm able to nop it all the ptotection is gone.
But the problem is that I can't NOP it.
Any Suggestion?
Regards,
Android.

[MaRKuS-DJM]

there's a function inside this program which overwrites your patch again and again... so maybe a memory-bp helps

[Teerayoot]

source code provided

*I love to provide all source code i made,hope for help some newbie coder*

[NeOXOeN]

i think what Teerayoot did its very nice.. putting out exe and source so everyone cal learn from it ...there should be more ppl like him
Since now days not a lot of ppl are contributing to scene or reversing ..especially with their ideas and all .. A lot of good work stays priv.. and poor and more or less crap is comming out...


So i am glad something nice came out for a change


bye NeO

IMHO, very easy protection . The method of redirecting to OEP is old as my grandma - JMP EAX. As soon as it have been located, put there Hardware BP, step into and you are on OEP .

[MaRKuS-DJM]

marcoden, what you did is unpacking the PeCompact. the goal is to remove the anti-debug protection