Log in

View Full Version : Anything new on heh, on the subject of anti debugging....


MCooly
December 7th, 2000, 16:54
I read a post "heh, on the subject of anti debugging...." by Lord Soth and I think a have found a game that uses similar protection. The game, sacrifice, uses Meltice and int68 for anti-debug checks however if you bypass them the program just crashes and is very self modifying.

Lord Soth (or anyone else for that matter), made any progress on bypassing the anti-D protection?

Jueteng Lord
December 8th, 2000, 03:57
Quote:
MCooly (12-07-2000 05:54):
the program just crashes and is very self modifying.


Is it real self modifying or just obfuscation code. IMO, there is a distincition between self-modifiying and obfuscation code (like jmp macros, garbage code, etc).

MCooly
December 8th, 2000, 06:12
I think your right that it isn't self modifying (bare with me I'm very new to this stuff).

It looked self modifying because softice was loosing lines of code. You'd have a command and after it was executed its entire line would dissapear and be replaced by the line underneath or some other garbage code. When the code eventually jumps back to these specific locations where the code disapears, right before execution of that line, the code would return to normal.

Before I was just quickly running through the program so it looked like it was modifing the code, however I just looked closer and no opcodes are modified they just disapear or become garbage until the next time its executed.

I'm still very new to this and I have not seen softice do this before. Why does it do this?