MorXAntiRE Anti reverse code engineering and dynamic analysis tool

[Nytro]

Update (03-12-2014):

This tool is no longer endorsed by MorXploit as the author is no longer part of the team.

Description:

MorXAntiRE is a library that collect anti(debugger/disassembly/dump/VM/sandbox) tricks.

MorXAntiRE is licensed under GNU/GPL version 3 and developed in C using Visual Studio 2012 and Inline Assembly.

Anti-Debugging:

IsDebuggerPresentAPI

IsDebuggerPresentPEB

CheckRemoteDebuggerPresentAPI

NtQueryInformationProcess (ProcessDbgPort)

NtQueryInformationProcess (ProcessDebugFlags)

NtQueryInformationProcess (ProcessDebugObject)

NtGlobalFlag

NtSetInformationThread (HideThreadFromDebugger)

Open Process

Parent Process

Self-Debug (CreateProcess)

UnhandledExceptionFilter

NtQueryObject

Debugger-Attacks :

BlockInputAPI

OutputDebugString

Timing Attacks:

RDTSC

Win32Timing (GetTickCount)

Anti-Breakpoint:

0xCC BP detection:

Memory Breakpoint Debugger Check(Guard Pages)

Hardware Breakpoint Check (Debug registers with Get/SetThreadContext)

Hardware Breakpoint Check (ebug registers with Structured Exception Handling)

Author:

Ayoub Faouzi <noteworthy_at_morxploit_dot_com>

Version:

MorXAntiRE v1.5

MD5: 372271696bf4a5aab6b5a4a3cf7ae794

Requirements:

Windows 32bits

Download:

Link 1

Sursa: MorXAntiRE Anti reverse code engineering and dynamic analysis tool | MorXploit Research

[sniperspy]

Foarte bun,multumesc

[Che]

Nu are cum sa mearga acest tool.

Spre exemplu el combate IsDebuggerPresentAPI dar tu in OllyDbg Phantom sau mai stiu eu care plugin ai acolo sa te feresti de IsdebuggerPresent si prin urmare crackerii sunt cu un pas inainte.

Nu stiu sigur, poate n-am dreptate, as vrea sa vad si parerea unuia mai avansat in ale crackingului.

[Nytro]

E doar o colectie de metode de anti-debug.

Daca e folosita la un proiect, persoana care face reverse engineering trebuie sa se fereasca de toate metodele pentru a putea face linistit reverse engineering.

[Che]

E doar o colectie de metode de anti-debug.

Daca e folosita la un proiect, persoana care face reverse engineering trebuie sa se fereasca de toate metodele pentru a putea face linistit reverse engineering.

Ca sa se fereasca de toate metodele nu trebuie decat sa bifeze toate anti-metodele de aici:

Si asta e doar un plugin, daca vrei sa bifezi si mai multe, mai sunt si alte pluginuri. Prin urmare nu e mare greutate sa bifezi niste checkboxuri si apoi sa-ti vezi de treaba linistit.