I present a patch for Olly.
This patch hides ollydebugger from detection Execryptors

The file will not open as a "zip" archive. Is it really a "rar"? If so you should have stated that in your post. Using winrar, it does appear to be an exe, but I have not tried it.

Regards,

Howdy,

It works

Woodmann

I regret, but I have not told. Yes it winrar.

I'm sorry but why I can't download this attachment?

Try here
hxxp://www.corbina.net/~callas/AntiDetectOlly.exe

thx 4 reply

Thanks! I shall necessarily check up

it should work even with modified version

if the patch made without size check

i think so .

anyway thx 4 reply --_a

But it won't work with Olly XP style mod by TSRh because it's ASPacked

ask stripper --_a

You can, it to look in the original version ollydbg. After a patch, it is necessary to compare 2 file. It as an example and you can easily correct all in the HEX-editor.

Look an example of a patch and make inline a patch

i try that pach and it give me evry thing it is ok but when i open the programe after pached it give me error " the procedure entry point_pluginsaverecord could not be located in the dynamic link liprary ollydbg.exe"
thnx for all

what about making a search&replace patch? because almost everyone have a modded ollydbg.exe.

ramiz :

u r right i got the same Error Msg .

diablo2oo2 :

thanx 4 try but same rezult

the same error who can help ?????
thnx for all

In the catalogue should be - 2 copies
One patched also we shall rename ,another ollydbg.exe it is simply put

the error not come agean but when i make debug for the programe wich protected with execriptore it give error when i press f9 and then close olly that when i active the new plugen
thnx for ur help

I would point out some concerns about hiding Olly manually or through this tool, that most of ppl here around migh ignore..

Manually
For first thing, you'll need Re-pair and LordPE of course

copy of ollydbg.exe to ollydbg_execrypt.exe
open LordPE with ollydbg.exe (yes, it's the original file): click on PE Editor and select ollydbg.exe, then directories and then Export Table. Now place RVA and SIZE of the Export Table to 0000. Save everything and exit from LordPE.
Open Re-Pair and click fix on ollydbg.exe and wait till the process finishes.
Now you should have two files as below:

ollydbg.exe patched with LordPE and Re-Pair
ollydbg_execrypt.exe still original

Invert these two files renaming them: ollydbg.exe should become the not patched program, and ollydbg_execrypt.exe should become the patched program.
now launch ollydbg_execrypt.exe (that is now the patched Olly), and exit immediately.
now look into the directory, there should be a new .ini file, with a name like asbd.ini or something similar (the name is casual, determined by the patch re-pair did on Ollydbg). Well, copy your ollydbg.ini file over this ini file to keep your old olly settings for the patched version too.
now to debug execrypt use ollydbg_execrypt.exe and you should also see all the plugins.

Using the automated tool
The tool of this thread essentially does the same things, but it's IMHO less powerfull because:

always use the "TEST" string instead of string "Olly", while Re-pair uses random strings
zeroes partially the export table, only zeroing the first exports, only those checked by actual execryptor..
creates problems with the plugins while manual method works with all the plugins without exceptions.
I prefer to do things manually that's much better

It will not pass too much time that execryptor will recognize also Ollys patched by this tool, while is more difficult to recognize Ollys patched manually..

The new version of a protector prefers the new version
AntiDetectOllyPatch-2
Patch , rename and use plug-ins
Start from the context menu.

it is not working in the new ver of execryptor plz help us
thnx for all

Write more in detail - then it is possible to answer correctly.

when i press f9 in olly patched it give me that error and it close
u can help me in that ?
and the error in attach

ramiz
Most likely - at you not an original file
Use ollydbg from a package v.1.10f
It is possible to send me your file?

Hide you OllyDebugger with new - AntidetectOllyPatch!
Patch against execryptor - all version!
-----------------------------------
Ok! JMI i delete Subscribtions and my old post

Why are ypu answering your own Posts and Why did you start another Thread when you posted the previous version in the "other" Thread??? You can use the "Edit" Button to add later comments.

Are you just facinated with seeing your nick as many times as you can Post?

Regards,

hi sir...
when i use your patch some of my olly plugin cannot be load...
what happend with me...

Hi .It's need Rename XXOllydbg.exe and place original copy Ollydbg.exe

i have error like this when i renaming olly...



is any other suggestion ?

thx...

Hi, try following manually what I told at post #20 of this same thread.

http://www.woodmann.net/forum/showpost.php?p=46066&postcount=20

So more broken...
i do like this...

1. i patch the OllyDgb.exe with these progy...
2. i clone OllyDbg.exe 1 name is same, 1 is my name OllyDebug_execryptor.exe
3. i open lordpe->directory->exports change rva and size to 0 (zero)
4. i save...
5. i repair .exe with RE-Repair.exe -> and new olly was created (Myr05.exe)...
6. now i have 3 olly...
- Original
- Patched
- Repair

problem is :
- when i running the patched olly some my plugin (sometime all) not load...
- when i running the repaired windows send the fatal error...

question is :
am i wrong on that ?

thx

sorry, have to reply..

hiding olly like that is totally and utterly lame, and there HAS to be a better approach.. if you have to use tools like lordpe and re-pair to mess with executables then something is seriously wrong.. you should (assuming you are not a newbie) at least have the experience and knowledge of the pe format to either.. 1. do it manually.. carefully or 2. code a tool to do it

i had to hide my softice from various anti debug measures, and i sure as shit didnt use 3rd party tools to do it, and i learned a lot from it.. maybe people should just learn....

yes it has, you have to change all references by hand, and after it you must change in plugins as well, then no problem with missing function entries