PAGE_EXECUTE_WRITECOPY As Anti-Debug Trick


walied
September 28th, 2012, 11:49
Here you can find it

http://waleedassar.blogspot.com/2012/09/pageexecutewritecopy-as-anti-debug-trick.html

Any comments or ideas are very welcome

blabberer
September 28th, 2012, 15:11
though virtualquery / virtual protect / access violation check / guard page seh handler and that kind of things are a bit old

i want to comment that using of hardware bps for step over / trace over etc isn't new to odbg 2.1

it has been there for quite some time iirc from 1.08

a screen shot for 1.10 where you can ask odbg to set hbp for step over posted below

walied
September 28th, 2012, 15:29
Oh, yeah. This was just to note that not every OllyDbg version has this option, e.g. OllyDbg v2.00.01 (latest 2.x version) seems to lack this option. Thanks anyway, I have updated the blog post to include OllyDbg v1.10.

Indy
September 28th, 2012, 15:33
This is not a trick.

walied
September 28th, 2012, 15:44
Quote:
Originally Posted by Indy (post 93307): This is not a trick.

I am sure I am not so good at naming stuff, but what is your point?

walied
September 28th, 2012, 15:45
Quote:
Originally Posted by blabberer (post 93305): though virtualquery / virtual protect / access violation check / guard page seh handler and that kind of things are a bit old


Could you please elaborate more?

blabberer
September 28th, 2012, 23:08
look for articles by peter ferrie / kris kaspersky etc


basically ollydbg break on memory access uses PAGE_GUARD and handles the exception raised iirc 0x80000001 and resets the flag using VirtualProtect

which possibly can be monitored is the underlying concept

walied
September 30th, 2012, 03:22
Quote:
Originally Posted by blabberer (post 93310): look for articles by peter ferrie / kris kaspersky etc

basically ollydbg break on memory access uses PAGE_GUARD and handles the exception raised iirc 0x80000001 and resets the flag using VirtualProtect

which possibly can be monitored is the underlying concept


By the way, the way Breakpoint-> Memory-On-Access works in OllyDbg is not by calling the "VirtualProtectEx" function with the "flNewProtect" parameter set to PAGE_GUARD. It just works by calling the "VirtualProtectEx" function with the "flNewProtect" parameter set to PAGE_NOACCESS. However, OllyDbg properly handles STATUS_GUARD_PAGE_VIOLATION exceptions.
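The protection changes discussed in this exchange (the debugger switching a page to PAGE_NOACCESS or PAGE_GUARD for a memory breakpoint, or an image page turning private and writable once a breakpoint byte has been written into a PAGE_EXECUTE_WRITECOPY page) are visible from outside the debuggee through VirtualQueryEx. The script below is an added example, not code from this thread, from the blog post or from OllyDbg: it lists the committed regions of one module in a target process and decodes each region's protection, so an analyst can confirm what their breakpoints did to the page map and why hardware breakpoints, as blabberer notes, leave it untouched. The class name MemQuery, the function name Get-ModulePageProtection and the PID/module values in the usage line are assumptions; the PAGE_*, MEM_* and PROCESS_QUERY_INFORMATION constants are the winnt.h values.

```powershell
# Added example (not from the thread): enumerate the committed regions of a
# module inside a target process and decode their page protection, so an
# analyst can see which code pages are still shared copy-on-write
# (PAGE_EXECUTE_WRITECOPY) and which have become private read/write after a
# debugger wrote a breakpoint byte into them. Assumes Windows PowerShell 5.1
# or later and the right to open the process (same user, or elevated).
Add-Type -TypeDefinition @"
using System;
using System.Runtime.InteropServices;
public static class MemQuery {
    [StructLayout(LayoutKind.Sequential)]
    public struct MEMORY_BASIC_INFORMATION {
        public IntPtr BaseAddress;
        public IntPtr AllocationBase;
        public uint   AllocationProtect;
        public IntPtr RegionSize;
        public uint   State;
        public uint   Protect;
        public uint   Type;
    }
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern IntPtr OpenProcess(uint dwDesiredAccess, bool bInheritHandle, int dwProcessId);
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern UIntPtr VirtualQueryEx(IntPtr hProcess, IntPtr lpAddress,
        out MEMORY_BASIC_INFORMATION lpBuffer, UIntPtr dwLength);
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern bool CloseHandle(IntPtr hObject);
}
"@

# Page protection constants from winnt.h; PAGE_GUARD is a modifier bit that is
# OR-ed onto one of the base values.
$ProtectNames = @{
    0x01 = 'PAGE_NOACCESS';          0x02 = 'PAGE_READONLY'
    0x04 = 'PAGE_READWRITE';         0x08 = 'PAGE_WRITECOPY'
    0x10 = 'PAGE_EXECUTE';           0x20 = 'PAGE_EXECUTE_READ'
    0x40 = 'PAGE_EXECUTE_READWRITE'; 0x80 = 'PAGE_EXECUTE_WRITECOPY'
}
$PAGE_GUARD   = 0x100
$MEM_COMMIT   = 0x1000
$MEM_PRIVATE  = 0x20000
$PROCESS_QUERY_INFORMATION = 0x0400

function ConvertTo-ProtectString([uint32]$Protect) {
    $base = $ProtectNames[[int]($Protect -band 0xFF)]
    if (-not $base) { $base = ('0x{0:X}' -f $Protect) }
    if ($Protect -band $PAGE_GUARD) { $base += '|PAGE_GUARD' }
    return $base
}

function Get-ModulePageProtection {
    param(
        [Parameter(Mandatory)][int]$ProcessId,
        [Parameter(Mandatory)][string]$ModuleName   # e.g. 'target.exe' (constructed)
    )
    $proc = Get-Process -Id $ProcessId
    $mod  = $proc.Modules | Where-Object { $_.ModuleName -ieq $ModuleName } | Select-Object -First 1
    if (-not $mod) { throw "module $ModuleName not found in PID $ProcessId" }

    $h = [MemQuery]::OpenProcess($PROCESS_QUERY_INFORMATION, $false, $ProcessId)
    if ($h -eq [IntPtr]::Zero) {
        throw "OpenProcess failed: $([Runtime.InteropServices.Marshal]::GetLastWin32Error())"
    }
    try {
        $addr = $mod.BaseAddress.ToInt64()
        $end  = $addr + $mod.ModuleMemorySize
        $mbi  = New-Object MemQuery+MEMORY_BASIC_INFORMATION
        $size = [UIntPtr][uint64][Runtime.InteropServices.Marshal]::SizeOf($mbi)
        # Walk the module's address range one region at a time; VirtualQueryEx
        # returns the region containing $addr and its size.
        while ($addr -lt $end) {
            $ret = [MemQuery]::VirtualQueryEx($h, [IntPtr]$addr, [ref]$mbi, $size)
            if ($ret -eq [UIntPtr]::Zero) { break }
            if ($mbi.State -eq $MEM_COMMIT) {
                [pscustomobject]@{
                    Base    = ('0x{0:X}' -f $mbi.BaseAddress.ToInt64())
                    Size    = $mbi.RegionSize.ToInt64()
                    Protect = ConvertTo-ProtectString $mbi.Protect
                    # A private region inside an image mapping means copy-on-write
                    # already happened for those pages (something, e.g. a software
                    # breakpoint or a patch, was written into them).
                    Private = ($mbi.Type -eq $MEM_PRIVATE)
                }
            }
            $addr = $mbi.BaseAddress.ToInt64() + $mbi.RegionSize.ToInt64()
        }
    } finally { [void][MemQuery]::CloseHandle($h) }
}

# Usage (constructed values; replace the PID and module name with your target):
# Get-ModulePageProtection -ProcessId 1234 -ModuleName 'target.exe' | Format-Table -AutoSize
```

Run it once against a process with no breakpoints set and again after setting one: a software breakpoint in a code section shows up as the affected page leaving its shared PAGE_EXECUTE_WRITECOPY state, an OllyDbg memory-on-access breakpoint shows up as PAGE_NOACCESS on the watched region, and a hardware breakpoint changes nothing in the listing.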

aqrit
September 30th, 2012, 12:16
VirtualAlloc( MEM_WRITE_WATCH ) is similar

walied
October 1st, 2012, 08:31
Quote:
Originally Posted by aqrit (post 93320): VirtualAlloc( MEM_WRITE_WATCH ) is similar

Thanks Sir. I really did not know that. It is really useful.