Hello all!
I am a newbie to hack. I used the way
decribed by dEZZY. Under Win98 I used TRW2000
2.33 to load and use BPX 70049D9 to get
around that debuger check. But the
resulted exe not runnable.

Under Win2k I used SICE 4.05. But the symbole loader never stopped at the entry point. And I used ProcessPatch to patch the code at 70049D9 to 0xCC and set I3Here=On. Ok,
it stopped and I repatch the code and set EAX
to zero. I get the Nag screen. But after I
clicked "Try" and it comes again to 70049D9,
ok I set EAX again to zero and F5 run. But
it won't run and telling debugger was found.
Ok, I check after that process after second
70049D9 run, it goes to 70063DF. It seems
that there will be checked if the in memory
image's CRC is correct or not. Ok, I fuck
up that code and F5 run, it crashes becauses
of "Access Violation" sometimes later.
I have no idea now. What should be done to
hide SICE???

I used NTALL to hide SICE under Win2k, But
dunno why it nevers works now, always said,
that failed to init KMD or something.

Any help would be grateful!!!

P.S.: The APP is F-Secure SSH Client 4.3

Now it can run, but it never calls
GetProcAddress(I used bpx GetProcAddress)
Ok, I know the entry point and set a bpm xxx
there. But I'll look forward why this is
diffrent under win2k than win9x