Hello everyone, I'm thinking about how to increase memory size ? This is what I mean:
I have program and EP = 401000
and end of memory is for example 403000
and when I'm trying to do something like mov eax,[403000] it says wrong address or something.. I want to do that programatically not with source code. Just trying to make anti-debug things.. I though this because when I wrote dll it was like:
mov eax,[bigaddress] and while opening in debugger it said - can't load DLL but when loaded in game, it worked perfect! cause game had much memory then debugger. so, I'm thinking if I can do that on EXE-s too ? Here's theory:
1) Check if debugger is attached
2) If not, increase memory size and move bigaddress into somewhere. Else, it will fail execution.
Or can someone suggest me another way ? Thanks.

Get the address and simply do this

INC [ADDRESS] using a loop (ECX)

or your way

MOV EAX,IMMEDIATE_VALUE_TO_ADD

ADD [_ADDRESS_],EAX


Is the debugger yours or are you trying to detect some else's.

You can make your debuger inject a DLL in your main app and then your main app will check for it at a specific memory space, that it owns.

Read this http://en.wikipedia.org/wiki/DLL_injection or these

http://msdn.microsoft.com/en-us/library/aa366890(v=vs.85).aspx

http://www.codeproject.com/KB/DLL/DLL_Injection_tutorial.aspx

ur debugger was shit if it refused to load because of 'wrong' address.

Hahaha, made my day....... But be nice

b1528932
Well, I tested on another PC and there worked fine, so this topic is useless.. I'm just trying to learn how to protect app from debugger.. I mean before debugger loads it, it should do some else function that will quit program.. I don't know why but it always crashes when trying that.. maybe Ollydbg 1.10 has problems on win7 ?

Use the way I told you to,

Most hacking debbugers will do VirtualAllocEx, and WriteProcessMemory.

So you just check in your memory space...Or make a self unpacking app with a hidden algorightm.....

But OllyDbg I think elevates it's access rights and gets System access rights.

Use SeDebugPrivilege


This privilege allows the caller all access to the process, including the ability to call TerminateProcess(), CreateRemoteThread(), and other potentially dangerous Win32 APIs on the target process.
Source - http://support.microsoft.com/kb/131065



Either way dude,,,, there will never be an app that can never be hacked. If I can hack Hardware then what more can I do to shitty software like Call Of Duty ? Hmmmmm.......

Just give up dude, go Open Source....

Problem is that, it doesn't matter if memory is increased or not on XP it still works but win7 gives error "Can't Load bla bla".. Thanks for sharing anyway.

That's because things changed in Windows 7 my man. It don't matter if it's Windows 7 32 bit or Vista 32 bit, Uh Uh !

Ye.. still trying to find any solution for anti-debug things or maybe with packing would be more difficult to crack.

Well, find a packer and maybe that can help you. But If I'll ever want to crack your software, I will

Here...

http://upx.sourceforge.net/

typedef
Hehe, UPX is used widely and it's easy to unpack.. Trying to do some other method. For example, I'm thinking about resources now. To make new crypter with new algorithm and pack my files.. that's only way I guess.

Yeah, how ?


I guess you could do it so many weird ways.... I don;try to do that since I declared myself open source
Ex.

Dump your code in a file and take the contents, encrypt them with a salted RNG algorithm, and include them in your unpacker as data...

Ex. myExeCode >> myExeCode.txt >> encrypt >> DB someData.....

then, in unpacker someData >> decrypt >> read into structures (ELF structure)>> set it in memory >> point your EIP to your code and on return destroy the data.

Simple and easily said than done. LOL

Anyways what are you trying to make that is so "secretive" like ? MS (oops)....

Just trying to make code harder cause it's easy to read/debug and change.. Learning from 0 cause I know it will be very necessary for my apps. and by the way, I don't understand what you mean I need code to understand what you're trying to tell me. (:

Just use the VMP shell:) I think many cracker will give up after they find that the program is protected by VMP...