把 NumberOfRvaAndSizes 改到超大,会anti一下ollDBg,猜测好像ollDBg会依据这个值来分析文件,当然这值太大,ollDBg会出点问题,具体要看ollDBg代码(唉,我没用过BCB)。这anti可用Olly Advanced中Handle Base of Code,Size of Code ang Base of Data 搞定。
"Anti" OllyDbg:
LoaderFlags and NumberOfRvaAndSizes were modified.. I have Reverse Engineered OllyDBG
and Soft ICE to find a few tricks that could slow down the analysis of a binary. With those two
modifications, Olly will pretend that the binary isn't a good image and will eventually run the
application without breaking at its entry point. This could be a bad thing if you wanted to debug a
malware on your computer, because you would get infected.
出处:Scan of theMonth 33:AntiReverse
Engineering Uncovered
By Nicolas Brulez - 0x90(at)Rstack(dot)org