
View Full Version : Ollydbg and antidebugger protection


NoName
September 20th, 2004, 04:44
Hi everyone, I'm a new user and I have a question for anyone that can help me.
When I try to debug a program using Ollydbg 1.10 it pops a message box saying something like this: "Debugger found.Unload the debugger and try again."
The same happens when I try to load the program through the W32Dasm debugger.
Is there any way to fool the program to think that it is not run by a debugger?
Thanks for reading my post, I hope someone could give me a hint.

venom925
September 20th, 2004, 06:53
Try using the search feature of the forum. Using this
http://www.woodmann.com/forum/search.php?searchid=85653 you only get 5 results and your answer.
Also try using Google.

dELTA
September 20th, 2004, 07:19
You cannot direct link board searches like that; that link will stop working shortly after you performed your search. Post the search terms instead.

JimmyClif
September 20th, 2004, 07:27
Key Word(s): olly, hide, plugin

venom925
September 20th, 2004, 07:33
Heh, sorry dELTA, but I think that the point still stands, don't you?

JMI
September 20th, 2004, 14:11
The point is, of course, well taken. He was just pointing out an issue with the vBulletin search function.

Regards,

NoName
September 21st, 2004, 03:20
I had already tried the IsDebuggerPresent plugin for OllyDbg (if that's what you suggest, venom925) but it doesn't seem to work.
I had also tried the trick from the forum user Shub-nigurrath of changing the 'O' of the Olly to '0' (zero) but that didn't work either. (Besides, the antidebugger protection is not OllyDbg-specific since it pops up even with the debugger of W32Dasm.)
I also forgot to mention that the programs that pop up that "Debugger found" message are mostly (but not only) games.

I have some new questions:
a) Is there any other plugin for hiding Olly, or a program like Frogsice (came across it while searching with Google but it says it can only be used with SoftICE and Win9x) but for use with OllyDbg and WinXP?

b) I tried to find a tutorial (using Google) about defeating general antidebugger techniques but didn't find anything useful. Does anyone know any tutorial like that?

Thanks for answering my post.

I will try a couple of new tricks that I found while searching with Google (although I'm not sure that they will work) and will let you know if I find an answer.

JMI
September 21st, 2004, 11:27
If you read up on "debugger detection," you will generally find that the process you are dealing with either works on the interrupt level, i.e. it is detecting changes made by the debugger to intercept errors or exceptions used to invoke the debugger, or it has a process for determining that any one of a number of programs and/or windows is currently running.

Yours sounds like it may be the second category, and just changing the name of the program, Ollydbg to 0llydbg, may not be enough. For example, the program may look for the name of a window which is open in the debugger. Generally, searching here for debugger detection should give some additional ideas.

Regards,

JimmyClif
September 21st, 2004, 14:32
Also try to change the classname and any related strings inside Olly into 0lly with a hex editor.

SL0rd
September 21st, 2004, 15:11
Olly can attach to an active task. Maybe the app is checking the debugger presence at the start; I think it should be possible to attach after the process starts and debug it from there. If we look for a registration-like dialog, it may work!

Please forgive me if I'm so wrong, I'm a beginner, yet!!

NoName
September 22nd, 2004, 02:10
Thanks for your suggestions!
I'll give them a try