I'm not sure if it's still around, but Themida used to have a kernel-mode driver component that facilitated some of the protection features. It could well be installed on your system and catching the debugger out.

My first suggestion would be to try Immunity Debugger. It's an Olly fork that is designed for offensive debugging and exploit development, but it might have a different enough codebase and enough anti-anti-debug stuff built in to help.

Alternatively, you could use Cheat Engine along with its DBVM kernel-mode module. It's usually used for cheating in games, but CE actually has a very fully featured debugger and some nice stealth features. The driver component re-implements a bunch of core Windows APIs, such as OpenProcess.

If the kernel-mode driver isn't still around, then it may well just be something like the OutputDebugString trick causing the crash.