@ muJi.fiGHt3r
start with an old safedisc v1/v2 game. since v2 the OEP is hardcoded which means you can set a hwbp at it. insert your original cd, bypass antidebug, reach breakpoint, dump. if you use ollydbg ignore all exceptions.
anti debug of sd v2:
- the usual softice checks (no need to bypass when you use olly)
- IsDebuggerPresent
- CheckRemoteDebuggerPresent
- ZwQueryInformationProcess
ImpRec isn't able to repair the IAT, you have to do this on your own or code a plugin. just step into the ff15 calls and you'll see the api.
safedisc 2 oep snippet:
----------------------
...
je
mov eax, 00h
jmp
mov eax, dword...
push eax
call <Safedisc Anti-Debug, cd-check, Unpacking>
add esp, 14h
cmp eax, 00h // eax = 0 means no debugger and no unpacking probs
je... // no nasty stuff found, jump over call eax (jmp -> jmp leads to OEP)
mov eax, dword ptr Kernel32.ExitProcessA
call eax
...
__________________
http://pid.gamecopyworld.com
home of Protection ID the ultimate Protection Scanner.