#1
06-17-2005, 06:47 PM
xtremex
Member
Join Date: Jun 2005
Posts: 5

Can anybody trace this and tell me what kind of protection this program uses against debuggers?

VirtualLab v5.0.4
http://www.binarybiz.com/vlab/index.php
http://www.binarybiz.com/vlab/downloads/virtuallab.zip

#2
06-18-2005, 05:28 AM
CoDe_InSiDe
Member
Join Date: Nov 2003
Posts: 28

I've downloaded and checked the program, and I haven't found any Anti-Debugger stuff... :huh:

#3
06-18-2005, 06:01 AM
xtremex
Member
Join Date: Jun 2005
Posts: 5

Now try to trace it please.
IDA works on the exe (vlabpro.exe) but it can't trace the module (VHDDRecovery.dll). It just hogs.
Olly just breaks at the same point, but not where our bp is located.
SoftSnoop (more an API tracer) remains in a loop.

#4
06-18-2005, 06:37 AM
CoDe_InSiDe
Member
Join Date: Nov 2003
Posts: 28

I've traced it, and there's no problem tracing it with SoftICE.
W32Dasm just quits and that's probably because the file (And certain other things like the Resource Section) is too big (But I don't know if this also counts for IDA, I don't have IDA so I can't check it).
But I still don't see any Anti-Debugger stuff, only Anti-Disassembler stuff...

I'm not too familiar with OllyDbg (I've got it here but I actually never use it).
I think someone else needs to look at this program.

#5
06-18-2005, 08:14 AM
xtremex
Member
Join Date: Jun 2005
Posts: 5

SoftICE is more likely to work than others. I'm too lazy to install it.
But still OllyDbg doesn't work, nor IDA.
The code in module VHDDRecovery is important to be traced.
I haven't seen any anti-debugger code myself (don't have much knowledge though) when decompiling the exe with Dede v350.
And it's curious why Dede can't decompile the module.
I guess it has something to do with the Shared Memory Manager Replacer that it uses.