Armadillo - AntiDebug


Artifex
January 3rd, 2004, 04:53
Artifex

Zilot
January 3rd, 2004, 09:05
This appears to be a job for JMI.
I mean the reply to the above message.

MaRKuS-DJM
January 3rd, 2004, 09:57
this seems to be a crack-request *lol*

Zilot
January 3rd, 2004, 12:14
Interesting software. Tell me, are more options for testing disabled in the unregistered version only?

You say you can use the software indefinitely, but how to explain that to students? My dear students, we are using shareware software, and we know how to cheat. Doesn't go.

So if you want it unpacked (maybe fixed, we will see, no nags etc.), maybe we can make a deal. What do you say about that? This is no third-type humor. Serious offer for a deal?

MaRKuS-DJM
January 3rd, 2004, 12:28
Quote:
[Originally Posted by Artifex]I could use this evaluation software as many times as I might want because we know now what clsid to delete (see EVA Cleaner v1.2 by BLiND PRoPHET).

Artifex


I didn't know that. Without this information, it looks like a crack-request.

Zilot
January 4th, 2004, 10:13
Hey electronic man !!!

I unpacked and fixed your simulator (fully functional). If you want, we can make a deal. My price is 0 $, and I can't get below that. Think for a while and if you want we can start negotiations.

This is evidence I really did it.

http://members.fortunecity.com/zilot/PS0064.jpg

JMI
January 4th, 2004, 14:59
OK, now you kids play nice in the sandbox or we will have to send you to your rooms without supper.

Artifex: You have a common problem. You are "investigating" a target which detects your debugger. Therefore you need to review the subject of debugger detection and the associated breakpoints on APIs relating to those issues. That's why we have a search button on the Forum. So that most issues, previously discussed, do not have to be re-invented each time someone new has that same issue. It could have detection of the windows for and/or exe names of SICE and/or detect it by API calls.

First you need to review those threads and try the breakpoints they suggest and then report back which ones you tried and whether any of them worked to intercept the "test" for the debugger's presence. Only after you have made those attempts, should you report back that you have tried (list the breakpoints you tried) without success and, then, ask for further suggestions.

There are anti-debugger articles all over the net as well. You could also try a Google search with subjects such as: "anti-debugger + Armadillo" and "anti-debugger + breakpoints" as a good start. Another one is "debugger detection code." Using that one quickly, for example, I got this reference, among many:
http://www.woodmann.com/crackz/Tutorials/Armadillo.htm

Regards,

Artifex
January 4th, 2004, 15:20
Quote:
[Originally Posted by JMI]OK, now you kids play nice in the sandbox or we will have to send you to your rooms without supper.

Artifex: You have a common problem. You are "investigating" a target which detects your debugger. Therefore you need to review the subject of debugger detection and the associated breakpoints on APIs relating to those issues.


Of course, I did that. All articles say that Icedump or FrogSice hide the debugger to Armadillo.
In that case they do very well: Armadillo doesn't display its message box about the debugger's presence.
But it doesn't unpack itself correctly.
That is the problem for me, and I have no clue about that.

Anyway, forget me as I forget you, JMI. I won't miss you.

Bye Bye.
Artifex.

JMI
January 4th, 2004, 15:38
Whatever your name was, I have already forgotten, you have missed the point entirely. It doesn't matter whether the software displays a dialog box to "tell" you it had detected your debugger, it is obviously doing something "after" it discovers your debugger.

And contrary to your assertion, not "all" articles say "Icedump or FrogSice hide the debugger to Armadillo," they work mostly on those issues related to detection of the presence of the software through createfile calls. What have you tried to detect calls to APIs which detect the presence of your debugger? It would appear that you have a branch call after your debugger is detected, that you would prefer your program not to take.

So take your marbles and go home in a huff if you wish. Information posted here is intended for the assistance of a wider audience than your personal issue.

Regards,