StraceNT with Antidebugging by Shub-Nigurrath
Posted: 2006-1-11 19:11
I came across the StraceNT tracer and found it very handy and nice.
What a pity it was not distributed with anti-debugger tricks, so it was not useful for tracing ASProtect, for example, or other protected apps.
Well, nothing simpler than modifying it to do this also.
I did an inline patch and a modification to the IAT so as to add an external DLL called at the right time to perform the required anti-debugging tricks.
From the nfo inside the archive:
The StraceNT tool is free and a very efficient tracer.
Unfortunately it's not able to hide itself from the anti-debugger tricks used by most protected programs.
I patched the application so as to hide it from debugged programs. Doing it this way, you can use StraceNT also with ASProtected programs. The anti-debugging tricks are stored in an external DLL so as to be much more easily upgradable by anyone.
The DLL interface is very simple and documented with the C header file I included in the distribution. You can create a plugin that hides much more, for example.
I think I will soon write a tutorial to show the procedure required to add complex functionalities to a program that cannot be done inline.
PS: I patched only the Windows version, because I never use the other one. If needed, I'll patch it also.
Attachment: stracent_with_antidebug.rar