penguin0103:
Apparently you are one of those individuals who prefers "instant gratification" and who objects when you are advised what most people who pose questions such as yours are advised. "Reverse engineering" is a "skillset" that requires the "input" of "effort" on the part of its participants.
Also typical of those with low thresholds for the denial of their desire for "instant gratification," you bemoan being advised that YOU should both take the time to learn the basics and that YOU should spend quality time learning the "skill" of finding what YOU want in your quest to achieve reverse engineering skills.
Also, again "typical" of those with low thresholds for the denial of their desire for "instant gratification," when your initial request is met with a suggestion that YOU should spend some personal effort at achieving the answer to your request, you attack the giver of the advice and then attempt to escape criticism by CHANGING THE QUESTION to one hoped to portray yourself in a more favorable light.
Originally, you were bemoaning your lack of skillset at understanding assembly language and understanding the code. You did NOT ask for "ADVICE on WHICH PLACE was BEST to LEARN from." What you reported was that you had simply tried one particular debugger hider, without any real understanding of "how" or "why" it worked or did not work and you made a couple of changes in "IsDebuggerPresent api" and "GetCurrentProcessId" and damn, your target was still detecting the debugger. Imagine that!
So instead of spending any quality time in researching "How Debuggers are Detected" and/or how Olly is "detected," you waltz in here, admitting you really don't understand much that the code is telling you, don't really understand that packer identifiers can, themselves, be fooled and mis-identify what has actually packed a target and actually asked:
"does anybody know what I can do to get by this?"
So you were given a "clue", which you apparently followed, and then came back admitting that what you found was "beyond" your skillset. So naturally you were advised you should work on that "missing" element, i.e. developing your skillset. Now you whine that you only wanted to know the "best" place to find the answer.
The answer to that question is: "using your brain and spending the time to learn." First, if you "know little about assembly language," your skillset at using a debugger is severely limited. If you don't understand what the debugger is showing you, how do you propose to figure out what it is doing?
How do you learn some basic skills in understanding assembly? You spend the time studying. Where do you go to learn? YOU use YOUR brain. You try something like "learn assembly" (without the quotes) in YOUR favorite search engine and/or the search engine here and YOU "actually read some of what you find!" YOU look through some of the many links at the bottom of these Forums and YOU spend the time reading up on assembly language.
YOU go to your favorite search engine and YOU enter something like "detecting OllyDBG" (again without the quotes) and YOU read some of the hits you will get. I got 21,400.
Then YOU might try researching how packers "fake" signatures to make YOU think they are something else.
But YOU just want SOMEONE ELSE to GIVE you the ANSWER so YOU don't have to actually DO ANY REAL WORK or actually WAIT for the "instant gratification" of solving YOUR target of the moment!
And YOU wonder WHY someone as nice as yourself could be treated so badly?
We call it: "Tough Love!"
There simply is no substitute for actually spending the time to learn what you actually are doing.
Regards,