
View Full Version : SintAX ;), some help plz with this sd2 sice detection under 2k/xp


pasha
March 30th, 2003, 19:45
greetz all

sorry to be bothering all of you. it's only that i have tried my best and patched ntice against all possible detection methods. i have securom, peshield, pelocknt and other stuff working fine except for safedisc 2 exes. would love to know the antidote which sintax found for his woes sometime back.

as i said, the sd2 exes simply exit without display of any messages. i have breakpointed on KiUserExceptionDispatcher, ExitProcess, RtlUnwind and what not to see where the hell the problem was, but to no avail .. hope sintax can just type in a few lines for me


awaiting a reply..

best regards
pasha

doug
March 31st, 2003, 20:56
i'm sorry, i don't want to be offensive in the comment i will say..
But i've noticed you posted half a dozen questions (all in diff threads) on avoiding anti-softice tricks.. and it is clear that most of them are related to safedisc2.. maybe you should search more still..
or try an easier target before.. and come back to this one later on once you have gained more experience?

pasha
March 31st, 2003, 21:23
greetz

where better to search than this place. point taken master, shall hone my skillz further

best regards
pasha

Shoob
April 1st, 2003, 10:42
Quote:
To get past the anti-debugger protections, the simplest solution is to hide our debugger (SoftIce) with the help of friendly programs such as FrogsIce (by Frog's Print). This program renders the detection routines ineffective.
Since SafeDisc's detection techniques have remained almost identical between versions, you can still use the "C-Dilla SafeDisc" preset in FrogsIce (optional, as the default mode works well too). For information, the detection routines used are the following:
- API Test_Debug_Installed / IsDebuggerPresent
- MeltIce (with \\.\SICE and \\.\SIWVID)
- INT 68h
FrogsIce gets past all these protections very well. A big thank you in passing to Frog's Print for his magnificent work. (Note that you can also use IceDump as an anti-detector.)


Quote:

remarks several things: it contains anti-softice routines which are crypted, which means that you will not be able to modify these anti-softice routines on the disc in order to neutralize them definitively. instead you will not find the code of these routines in the file since this code is crypted. a solution consists in coding a function which modifies the code in memory after the function of decoding finished its work but the things become complicated singularly when you have multi-crypted code (for the studied case, this is however feasible).

to pass anti-debugger protections the simplest solution consists to hide our debugger (softice) using sympathetic programs such as for example FrogsIce. this program makes ineffective routines of detection. the techniques of detection of safedisk having almost remained identical between the versions you can always use the preset c-dilla safedisk in FrogsIce (optional because the mode by defect well also goes).

for example the routines of detection used are as follows: API Test_Debug_Installed / IsDebuggerPresent - MeltIce (with SICE and SIWVID) - INT 68h. FrogsIce passes all those protections very well. a large thank you with the passage to frog's print for its splendid work. (it should be noted that you can also use icedump as anti-detector.)

still a general remark: after launching, the loader will decipher these routines of protection and will charge them in memory like a process with share. in addition these routines remain used throughout the execution of the main program (game).


Two cuts of excellent SD2 tuts. I hope that you have the needed original cd to decrypt the code!

good luck..

pps: the lower you post, the more results you will gain (yes my english sucks heh.)

SiNTAX
April 1st, 2003, 16:03
Quote:
Originally posted by pasha
would love to know the antidote which sintax found for his woes sometime back.


A lot of hard work, sweat and tears. Anyway the best way to learn is by doing it yourself. If you get stuck, then think.. if you really get stuck, ask for advice.

As for tutorials.. don't read 'em beforehand, spoils part of the fun..

Hmm this sounds like something out of a FAQ.. maybe I should use that 'search' button and find out.. ohwell I'll just ask.. it's easier