r00kie
June 22nd, 2006, 19:03
hello,
i have got problem with safedisc 2.90. i am using ollydbg and ida on windows xp (on vmware because i am using linux as a main OS), i have read peex's tut and ArthaXerX's info.
i patch main.exe, and the files are always extracting to one directory and they are not overwritten. i have patch antydebbug functions in ~df394b.tmp file (IsDebuggerPressent, ZwQueryInformationProcess, checking for "CC" bytes). program don't show messagebox with request to close debugger. i have got original program so didnt do anything in CdaSdTest. my problem appears after splash screen disappers... main program calls kernel32.WaitForSingleObject with time argument = infinitive and it stop in it. i dont know whats going on there... i tried to patch this too, but after this function, program install SEH and jump to junk code of unpacked original program code (i know that because i am recognize ascii strings). i have checked SEH function but its normal messagebox with information about unhandled exception. any hints? how can i find OEP, or which antycracking function i should look?
PS. sorry for my poor language
i have got problem with safedisc 2.90. i am using ollydbg and ida on windows xp (on vmware because i am using linux as a main OS), i have read peex's tut and ArthaXerX's info.
i patch main.exe, and the files are always extracting to one directory and they are not overwritten. i have patch antydebbug functions in ~df394b.tmp file (IsDebuggerPressent, ZwQueryInformationProcess, checking for "CC" bytes). program don't show messagebox with request to close debugger. i have got original program so didnt do anything in CdaSdTest. my problem appears after splash screen disappers... main program calls kernel32.WaitForSingleObject with time argument = infinitive and it stop in it. i dont know whats going on there... i tried to patch this too, but after this function, program install SEH and jump to junk code of unpacked original program code (i know that because i am recognize ascii strings). i have checked SEH function but its normal messagebox with information about unhandled exception. any hints? how can i find OEP, or which antycracking function i should look?
PS. sorry for my poor language