digitalmerlyn
July 19th, 2004, 22:53
I can't seem to get past the anti-debugger tricks in an older version of safedisc (v1.32.14 - I guess that's R4?) using OllyDBG.
Here is what I have tried so far:
1. changing IsDebuggerPresent value
2. nop'ing "int 68" (which I'm not sure is even necessary)
I'm not sure what else to try. I've read quite a few tutorials on safedisc but all of them use softice. There are two things that the tutorials mention that I haven't tried:
1. hiding drivers (which is obviously SoftICE related and irrelevant in my case)
2. playing with the debug register
Regarding the debug register, it checks DR2 and NOT DR7. ArthaXerXes' safedisc tutorial mentions that the DR2 check doesn't seem to work. I've used IDA Pro to look at it and it seems, as he said, to not work correctly.
Any tips/recommendations as to which direction I should be heading in?