Prev: 2 questions about memory mapped files
Next: Timer-queue timer callback proc and re-entrancy
From: Corinna Vinschen on 14 Mar 2010 13:16
m wrote:
> Obviously - with physical access to the machine, there is no ultimately
> successful anti-debugging device. But the OP is asking how to defeat one;
> and presumably one that has been implemented by someone else in some
> software that he would like to debug. If he doesn't know how to do this
> already, then likely he shouldn't be doing it at all.

I don't like this notion. Even if reverse engineering or working around
anti-debugging measures may not be allowed in a few legislations, it's
by far not everywhere in the world.

It's also not clear that anti-debugging measures are legally valid. For
the good old car analogy, what if you're trying to find the cause of a
problem with the engine, and there's a mechanism which always closes the
hood in the second you're trying to open it?

Above all, you don't know anything about the intention of the OP and
just by implying that trying to debug a binary-only application is a
sort of a criminal act, you're assuming immorality or a bad intention.
That's highly questionable.


Corinna

--
Corinna Vinschen
Cygwin Project Co-Leader
Red Hat
From: m on 15 Mar 2010 21:47
<SNIP>

> Above all, you don't know anything about the intention of the OP and
> just by implying that trying to debug a binary-only application is a
> sort of a criminal act, you're assuming immorality or a bad intention.

Which is why I have invited him to explain further what he is trying to do.
If he chooses to do so, it will have several positive effects; including
allaying any fears that we might have about helping him. But more
importantly, it will help him to clarify the problem, as well as providing
some background to us, who might have worked on similar problems before, and
might be able to suggest alternate approaches to help solve his problems.


>
>
> Corinna
>
> --
> Corinna Vinschen
> Cygwin Project Co-Leader
> Red Hat

From: Chris Becke on 29 Mar 2010 09:12
Reverse engineering (potential) malware makes *me* the bad guy?

Non debuggable code is malware in my book. Without the ability to
reverse engineer, who knows what it is hiding?

On 12/03/2010 01:58, m wrote:
> Yes.
>
> BTW: If you tell us more about what you are trying to do, so that to us
> you look less like a hacker, you will likely receive more useful replies ;)
>
> "tim" <barus(a)poczta.onet.pl> wrote in message
> news:hnajjr$c7l$1(a)news.onet.pl...
>> Hi,
>>
>> I have an application checking if debugger is running. If so the
>> application just exits. Is there a way to debug this kind of application?
>>
>> Thanks,
>> tim
>>

First  |  Prev  | 
Pages: 1 2
Prev: 2 questions about memory mapped files
Next: Timer-queue timer callback proc and re-entrancy