Nytro Posted May 25, 2014 Report Share Posted May 25, 2014 Update (03-12-2014):This tool is no longer endorsed by MorXploit as the author is no longer part of the team. Description:MorXAntiRE is a library that collect anti(debugger/disassembly/dump/VM/sandbox) tricks.MorXAntiRE is licensed under GNU/GPL version 3 and developed in C using Visual Studio 2012 and Inline Assembly. Anti-Debugging:IsDebuggerPresentAPIIsDebuggerPresentPEBCheckRemoteDebuggerPresentAPINtQueryInformationProcess (ProcessDbgPort)NtQueryInformationProcess (ProcessDebugFlags)NtQueryInformationProcess (ProcessDebugObject)NtGlobalFlagNtSetInformationThread (HideThreadFromDebugger)Open ProcessParent ProcessSelf-Debug (CreateProcess)UnhandledExceptionFilterNtQueryObject Debugger-Attacks :BlockInputAPIOutputDebugString Timing Attacks:RDTSCWin32Timing (GetTickCount) Anti-Breakpoint:0xCC BP detection:Memory Breakpoint Debugger Check(Guard Pages)Hardware Breakpoint Check (Debug registers with Get/SetThreadContext)Hardware Breakpoint Check (ebug registers with Structured Exception Handling) Author:Ayoub Faouzi <noteworthy_at_morxploit_dot_com> Version:MorXAntiRE v1.5MD5: 372271696bf4a5aab6b5a4a3cf7ae794 Requirements:Windows 32bits Download:Link 1Sursa: MorXAntiRE Anti reverse code engineering and dynamic analysis tool | MorXploit Research Quote Link to comment Share on other sites More sharing options...
sniperspy Posted May 26, 2014 Report Share Posted May 26, 2014 Foarte bun,multumesc Quote Link to comment Share on other sites More sharing options...
Che Posted May 26, 2014 Report Share Posted May 26, 2014 Nu are cum sa mearga acest tool.Spre exemplu el combate IsDebuggerPresentAPI dar tu in OllyDbg Phantom sau mai stiu eu care plugin ai acolo sa te feresti de IsdebuggerPresent si prin urmare crackerii sunt cu un pas inainte.Nu stiu sigur, poate n-am dreptate, as vrea sa vad si parerea unuia mai avansat in ale crackingului. Quote Link to comment Share on other sites More sharing options...
Nytro Posted May 26, 2014 Author Report Share Posted May 26, 2014 E doar o colectie de metode de anti-debug.Daca e folosita la un proiect, persoana care face reverse engineering trebuie sa se fereasca de toate metodele pentru a putea face linistit reverse engineering. Quote Link to comment Share on other sites More sharing options...
Che Posted May 26, 2014 Report Share Posted May 26, 2014 E doar o colectie de metode de anti-debug.Daca e folosita la un proiect, persoana care face reverse engineering trebuie sa se fereasca de toate metodele pentru a putea face linistit reverse engineering.Ca sa se fereasca de toate metodele nu trebuie decat sa bifeze toate anti-metodele de aici:Si asta e doar un plugin, daca vrei sa bifezi si mai multe, mai sunt si alte pluginuri. Prin urmare nu e mare greutate sa bifezi niste checkboxuri si apoi sa-ti vezi de treaba linistit. Quote Link to comment Share on other sites More sharing options...
