View Full Version : "INT 3" modify problem in safedisc 2.90.....


plusgenkim
June 3rd, 2003, 22:38
Hi.

First of all, I need your understanding for my very poor English...


I have read Peex's Safedisc 2.70 tut and tried it in Safedisc 2.90..

I have spent almost 20 days on this and am almost done.

But I still can't modify "CC INT 3" instructions.....

The "CC" instruction modify routine worked correctly several times.

Like this....
01AF:004B0E59 890DEC2C9000 MOV [00902CEC],ECX
01AF:004B0E5F CC INT 3
01AF:004B0E60 088A08880C02 OR [EDX+020C8808],CL
| | | | | |
01AF:004B0E59 890DEC2C9000 MOV [00902CEC],ECX
01AF:004B0E5F 2BD0 SUB EDX,EAX
01AF:004B0E61 8A08 MOV CL,[EAX]

But after a specific address, it didn't work anymore.

And I can't find any rule behind it stopping working.

SGDT, SIDT, etc. instructions were modified normally.

Please give me some hints.

If I can resolve this problem, my "SD2" challenge will be finished.

Have a nice day. Bye....

PS) For me, it is always hard work to use English.
And perhaps for you, it will be hard too to understand my poor English.
Sorry.....

evaluator
June 4th, 2003, 00:28
just(!in generalissimo!),
you must DEBUG original program & see how it works;
then DEBUG your unpacked one & compare differences;

plusgenkim
June 4th, 2003, 01:06
Hi. evaluator.
I have already DEBUGged so many times.
If I just launch the program, there is no problem.
But all the code (not modified) in the .text section must be forcibly modified by calling the decrypt routine....
Although I can run the program for several days, I can't confirm whether all the code has been modified.
This is the problem........

evlncrn8
June 4th, 2003, 06:03
psssst... r eip to the cc opcode.. set a breakpoint on writeprocessmemory... i3here off in softice.. g
it'll break when he writes the proper instruction.. backtrace the proc and figure out what it's doing...

plusgenkim
June 4th, 2003, 07:35
Hi. evlncrn8.
Probably, I will give up this SD2 unpacking....
But I will try once more your way.....
Thanks.

PS) Hmmm..... Difficult.... I give up.
I should find another EASY bait....
Thanks for the replies, evlncrn8 and evaluator.
Have a nice day....

thenewguy
April 11th, 2004, 12:04
hey plusgenkim I'm working on something similar to what you are, is there any way I can talk on irc or something? would love to pick your brain on this topic

evlncrn8
April 11th, 2004, 18:00
Quote:
[Originally Posted by thenewguy]hey plusgenkim I'm working on something similar to what you are, is there any way I can talk on irc or something? would love to pick your brain on this topic

safedisc2 is kinda dead now.. there isn't really any point working on sd2 now that sd3 is out

SiNTAX
April 24th, 2004, 11:42
Quote:
[Originally Posted by evlncrn8]safedisc2 is kinda dead now.. there isn't really any point working on sd2 now that sd3 is out

Curious.. is it any different.. apart from the version number?! Or is it all marketing hype?