
Anti CRACK Functions

Discussion in 'Delphi Programming' started by N0body, Oct 21, 2014.

  1. N0body
    Online

    N0bodyN0body is a Verified Member DelphiFan Administrator Staff Member DF Staff

    Code:
    // Interface part of the first post's anti-debug unit: it exports four legacy
    // debugger checks and imports IsDebuggerPresent from kernel32.dll.
    // NOTE(review): a Delphi unit normally opens with "unit <Name>;" - the line
    // below looks like what is left of that header; confirm the intended name.
    // The implementations are 32-bit x86 inline assembly.
    CRACK_BEGIN
    interface
    
    uses SysUtils,Windows;
    
    // Declared by hand here; some Delphi versions do not declare it in Windows.pas.
    function IsDebuggerPresent: BOOL; stdcall; external 'kernel32.dll';
    function BoundsCheckerDetected: Boolean;
    function SoftIceVXDDetected: Boolean;
    function WinIceDetected: Boolean;
    function MeltIceDetected: Boolean;
    
    implementation
    
    
    
    // Probes for a BoundsChecker-style int 3 hook: loads the 'BCHK' tag into EBP
    // and 4 into AX, raises int 3, then checks whether AX still holds 4.
    // 32-bit x86 inline assembly only.
    // NOTE(review): the asm block leaves its verdict in AX but never stores it in
    // Result; Result is assigned only in the except branch, so the value returned
    // when no exception is raised looks undefined - confirm in the disassembly.
    function BoundsCheckerDetected: Boolean;
    begin
    try
    asm
    push ebp // EBP is overwritten below; saved so @@exit can restore it
    mov ebp, 'BCHK'
    mov ax, 4
    int 3 // breakpoint exception; the except clause below catches it if nothing else consumes it
    cmp ax, 4
    jne @@softice_detected // AX changed across int 3 (label name is reused from the SoftICE checks)
    mov ax, 0
    jmp @@exit
    @@softice_detected:
    mov ax, 1
    @@exit:
    pop ebp
    end;
    except
    // An OS-level exception (EExternalException) yields False;
    // any other exception class yields True.
    on E: EExternalException do
    begin
    result:=False;
    end else begin
    result:=true;
    end;
    end;
    end;
    
    
    // Probes for the SoftICE VxD through the int $2F device-entry-point call
    // (AX=$1684, BX=device ID): a non-zero value left in ES/DI is treated as
    // "SoftICE present". 32-bit x86 inline assembly only.
    // A later reply in this thread points out that on NT-based Windows the
    // int $2F raises an exception, so only the except branch (False) ever runs.
    // NOTE(review): the verdict is left in AX and never copied into Result;
    // Result is assigned only in the except branch - confirm what the
    // no-exception path actually returns.
    function SoftIceVXDDetected: Boolean;
    begin
    try
    asm
    push esi
    push edi
    mov ax, $1684
    mov bx, $0202 // VXD ID for SoftIce
    xor di, di
    mov es, di // ES:DI = 0:0 before the call, so any change means an entry point was returned
    int $2F
    mov ax, es
    add di,ax // fold ES and DI together; zero only if both stayed zero
    cmp di, 0
    jne @@softice_detected
    mov ax, 0
    jmp @@exit
    @@softice_detected:
    mov ax, 1
    @@exit:
    pop edi
    pop esi
    end;
    except
    // The interrupt faulted instead of being serviced: report "not detected".
    result:=False;
    end;
    end;
    //------------
    // Issues int $68 with AH=$43 and treats a reply of AX=$F386 as a sign that
    // a debugger of the SoftICE/WinICE family is installed.
    // 32-bit x86 inline assembly only.
    // NOTE(review): as in the sibling checks, the verdict stays in AX and is
    // never stored in Result; only the except branch assigns Result - confirm
    // what the no-exception path returns.
    function WinIceDetected: Boolean;
    begin
    try
    asm
    mov ah, $43
    int $68
    cmp ax, $F386 // value this check expects back from an installed debugger
    jz @@winice_detected
    mov ax, 0
    jmp @@exit
    @@winice_detected:
    mov ax, 1
    @@exit:
    end;
    except
    // The interrupt faulted instead of being serviced: report "not detected".
    result:=False;
    end;
    end;
    
    
    
    ///////////
    // Looks for SoftICE and related memory-resident tools by trying to open the
    // device objects they register (SICE, NTICE, SIWVID, FROGICE).
    // Returns True as soon as one device can be opened, False if none can.
    // The check only proves that such a driver is loaded, not that the tool is
    // actively debugging this process.
    function MeltIceDetected: Boolean;
    const
      ICE_FILES: Array [0..3] of PChar = ('\\.\SICE', '\\.\NTICE', '\\.\SIWVID', '\\.\FROGICE');
    var
      deviceHandle: THandle;
      idx: Integer;
    begin
      Result := False;
      idx := Low(ICE_FILES);
      // Stop at the first device that opens; the remaining names are not probed.
      while (not Result) and (idx <= High(ICE_FILES)) do
      begin
        deviceHandle := CreateFile(ICE_FILES[idx], GENERIC_READ, 0, nil,
          OPEN_EXISTING, FILE_ATTRIBUTE_READONLY, 0);
        if deviceHandle <> INVALID_HANDLE_VALUE then
        begin
          // Only the existence of the device matters; release the handle at once.
          CloseHandle(deviceHandle);
          Result := True;
        end;
        Inc(idx);
      end;
    end;
    ///////////
    
     
  2. dracola
    Offline

    dracola DF Junior

    so i just save it into .pas, and load it in uses....right?
    Thank's
     
  3. N0body
    Online

    N0bodyN0body is a Verified Member DelphiFan Administrator Staff Member DF Staff

    yes right
     
  4. juanito31
    Offline

    juanito31 Guest

    merci bcp
     
  5. AmineItachi
    Offline

    AmineItachi Guest

    thank you
     
  6. dwikun
    Offline

    dwikun DF Junior

    good post
     
  7. Koru
    Offline

    Koru Guest

    thanks
     
  8. dmdpw
    Offline

    dmdpw Guest

    [font='microsoft yahei', 宋体, arial]河南濮阳5名中年妇女群殴[/font]
     
  9. Leandro Santos
    Offline

    Leandro Santos DF Member

  10. apple
    Offline

    apple DF Member

    thanks
     
  11. yhlee304
    Online

    yhlee304 DF Expert DF Gold User

    thanks for all
     
  12. joriccs
    Offline

    joriccs DF Junior

    // AntiDebug: a collection of debugger-presence checks for Win32 programs.
    // Every exported function returns True when its check concludes that a
    // debugger (or a debugging artefact) is present.
    // The inline assembly, the fs:[...] accesses and the hard-coded structure
    // offsets in the implementation are written for 32-bit x86 only.
    unit AntiDebug;

    interface

    uses

      Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls,
      Dialogs, StdCtrls, ExtCtrls;

      function FD_IsDebuggerPresent(): Boolean;
      function PD_PEB_BeingDebuggedFlag(): Boolean;
      function FD_PEB_NtGlobalFlags(): Boolean;
      function FD_Heap_HeapFlags(): Boolean;
      function FD_Heap_ForceFlags(): Boolean;
      function FD_CheckRemoteDebuggerPresent(): Boolean;
      function FD_NtQueryInfoProc_DbgPort(): Boolean;
      function FD_NtQueryInfoProc_DbgObjHandle(): Boolean;
      function FD_NtQueryInfoProc_DbgFlags(): Boolean;
      // csrssPid is a process ID (despite the THandle type) passed to OpenProcess.
      function FD_SeDebugPrivilege(csrssPid: THandle): Boolean;
      function FD_Find_Debugger_Window(): Boolean;
      function FD_Exception_Closehandle(): Boolean;
      function FD_Exception_Int3(): Boolean;
      function FD_OutputDebugString(): boolean;
      function FD_Check_StartupInfo(): Boolean;
      function FD_INT_2d(): Boolean;
      function FS_OD_Int3_Pushfd(): Boolean;
      function FS_SI_Exception_Int1(): Boolean;
      function FB_HWBP_Exception(): Boolean;

    implementation

    //{$R *.dfm}
    {
    procedure TForm1.Timer1Timer(Sender: TObject);
    var
      isdebugged: DWORD;
      retLen: PULONG;
      ProcessHandle: DWORD;
      tmp: PChar;
    label
      IsDebug;
    begin
      try
          //anti-debugging checks

          isdebugged := 0;
          if FB_HWBP_Exception then isdebugged := isdebugged + 1;
          label4.Caption := IntToStr(isdebugged);
          if FS_SI_Exception_Int1 then isdebugged := isdebugged + 1;
          label4.Caption := IntToStr(isdebugged);
          if FD_Find_Debugger_Window then isdebugged := isdebugged + 1;
          if FD_IsDebuggerPresent then isdebugged := isdebugged + 1;
          if PD_PEB_BeingDebuggedFlag then isdebugged := isdebugged + 1;
          if FD_PEB_NtGlobalFlags then isdebugged := isdebugged + 1;
          if FD_Heap_HeapFlags then isdebugged := isdebugged + 1;
          if FD_CheckRemoteDebuggerPresent then isdebugged := isdebugged + 1;
          if FD_NtQueryInfoProc_DbgPort then isdebugged := isdebugged + 1;
          if FD_NtQueryInfoProc_DbgObjHandle then isdebugged := isdebugged + 1;
          if FD_NtQueryInfoProc_DbgFlags then isdebugged := isdebugged + 1;
          if FD_SeDebugPrivilege(916) then isdebugged := isdebugged + 1;
          if FD_Exception_Closehandle then isdebugged := isdebugged + 1;
          if FD_Exception_Int3 then isdebugged := isdebugged + 1;
          if FD_OutputDebugString then isdebugged := isdebugged + 1;
          if FD_Check_StartupInfo then isdebugged := isdebugged + 1;
          if FD_INT_2d then isdebugged := isdebugged + 1;
          if FS_OD_Int3_Pushfd then isdebugged := isdebugged + 1;

    IsDebug:
          if isdebugged > 0 then
            tmp := pchar('存在调试器!(共有' + inttostr(isdebugged) + '种方法检测出调试器)')
          else
            tmp := '正常执行!';
          Label1.Caption := tmp;
      except
          on e: Exception do
          debug.DebugPrint('发生错误!' + #10#13 + e.Message);
      end;
    end;
    }
    // Reports whether the IsDebuggerPresent API says a debugger is attached to
    // the current process.
    function FD_IsDebuggerPresent(): Boolean;
    begin
      // Start from "not debugged" and flip only when the API answers true.
      Result := False;
      if IsDebuggerPresent then
        Result := True;
    end;

    // Reads the BeingDebugged byte straight out of the PEB to detect a debugger.
    // Returns True when the byte is non-zero.
    // 32-bit x86 only: the PEB pointer is taken from fs:[30h] and the flag is
    // read at PEB+2.
    function PD_PEB_BeingDebuggedFlag(): Boolean;
    begin
      asm
          mov @result, 0
          mov eax, fs:[30h]  //EAX = TEB.ProcessEnvironmentBlock (pointer to the PEB)
          add eax, 2
          mov eax, [eax]     //loads a dword starting at PEB+2; only the low byte is kept below
          and eax, $000000ff //AL = PEB.BeingDebugged
          test eax, eax
          jne @IsDebug
          jmp @exit
      @IsDebug:
          mov @result, 1
      @exit:
      end;
    end;

    // Inspects the NtGlobalFlags field of the PEB to detect a debugger.
    // Returns True when any of the bits selected by the $70 mask is set.
    // 32-bit x86 only: PEB pointer from fs:[30h], field read at PEB+68h.
    // NOTE(review): the $70 bits are commonly documented as the heap tail-check,
    // free-check and parameter-validation flags; they can also be switched on
    // system-wide for diagnostics, which would make this report True without a
    // debugger - confirm for the target environment.
    function FD_PEB_NtGlobalFlags(): Boolean;
    begin
      asm
          mov @result, 0
          mov eax, fs:[30h] //EAX = pointer to the PEB
          mov eax, [eax+68h]
          and eax, $70      //NtGlobalFlags
          test eax, eax
          jne @IsDebug
          jmp @exit
      @IsDebug:
          mov @result, 1
      @exit:
      end;
    end;

    // Checks the Flags field of the process heap (reached through the PEB).
    // The original author notes that this is not very reliable but commonly
    // used: the field is a set of flags whose value is normally 2.
    // Returns True when the value differs from 2.
    // 32-bit x86 only.
    // NOTE(review): the heap header is undocumented and its layout is reported
    // to differ between Windows versions, so offset 0Ch and the expected value 2
    // may not hold everywhere; a mismatch would report a debugger on every run -
    // verify on each supported Windows version.
    function FD_Heap_HeapFlags(): Boolean;
    begin
      asm
          mov @result, 0
          mov eax, fs:[30h]  //EAX = pointer to the PEB
          mov eax, [eax+18h] //PEB.ProcessHeap
          mov eax, [eax+0ch] //PEB.ProcessHeap.Flags
          cmp eax, 2
          jne @IsDebug
          jmp @exit
      @IsDebug:
          mov @result, 1
      @exit:
      end;
    end;

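    // Checks the ForceFlags field of the process heap (reached through the PEB).
    // The field is a set of flags whose value is normally 0; returns True when
    // it is non-zero.
    // 32-bit x86 only.
    // NOTE(review): the heap header is undocumented and its layout is reported
    // to differ between Windows versions, so offset 10h may not be ForceFlags
    // everywhere - verify on each supported Windows version.
    function FD_Heap_ForceFlags(): Boolean;
    begin
      asm
          mov @result, 0
          mov eax, fs:[30h]  //EAX = pointer to the PEB
          // The two loads below were fused onto one line in the posted listing,
          // which the inline assembler cannot parse; they are separate statements.
          mov eax, [eax+18h] //PEB.ProcessHeap
          mov eax, [eax+10h] //PEB.ProcessHeap.ForceFlags
          test eax, eax
          jne @IsDebug
          jmp @exit
      @IsDebug:
          mov @result, 1
      @exit:
      end;
    end;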

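    // Asks kernel32's CheckRemoteDebuggerPresent whether a debugger is attached
    // to the current process. The function is resolved at run time, so the unit
    // still loads on systems that do not export it; in that case the result is
    // False.
    // Returns True only when the call succeeds and reports a debugger.
    function FD_CheckRemoteDebuggerPresent(): Boolean;
    type
      TCheckRemoteDebuggerPresent = function(hProcess: THandle;
        var pbDebuggerPresent: BOOL): BOOL; stdcall;
    var
      CheckFn: TCheckRemoteDebuggerPresent;
      KernelLib: THandle;
      DebuggerPresent: BOOL;
    begin
      Result := False;
      // GetModuleHandle signals failure with 0, not INVALID_HANDLE_VALUE.
      KernelLib := GetModuleHandle('kernel32.dll');
      if KernelLib = 0 then Exit;
      @CheckFn := GetProcAddress(KernelLib, 'CheckRemoteDebuggerPresent');
      if not Assigned(CheckFn) then Exit;
      // Initialise the out value so a failed call can never be read as "debugged".
      DebuggerPresent := False;
      // GetCurrentProcess is the same pseudo-handle the original pushed as $ffffffff.
      if CheckFn(GetCurrentProcess, DebuggerPresent) and DebuggerPresent then
        Result := True;
    end;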

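    // Queries the ProcessDebugPort information class (7) of the current process
    // through ntdll's ZwQueryInformationProcess.
    // Returns True only when the query succeeds and the returned port value is
    // non-zero. Returns False when ntdll or the export cannot be resolved or the
    // query fails.
    function FD_NtQueryInfoProc_DbgPort(): Boolean;
    type
      TQueryInformationProcess = function(ProcessHandle: THandle;
        InformationClass: ULONG; Information: Pointer;
        InformationLength: ULONG; ReturnLength: PULONG): Longint; stdcall;
    const
      PROCESS_DEBUG_PORT = 7;
    var
      QueryFn: TQueryInformationProcess;
      NtDll: THandle;
      DebugPort: Pointer;
      Returned: ULONG;
    begin
      Result := False;
      // GetModuleHandle signals failure with 0, not INVALID_HANDLE_VALUE.
      NtDll := GetModuleHandle('ntdll.dll');
      if NtDll = 0 then Exit;
      @QueryFn := GetProcAddress(NtDll, 'ZwQueryInformationProcess');
      if not Assigned(QueryFn) then Exit;
      // The port value is pointer-sized; start from nil so that a failed query
      // is never misread as "port present".
      DebugPort := nil;
      Returned := 0;
      // A negative NTSTATUS means the query failed and the buffer is not valid.
      if (QueryFn(GetCurrentProcess, PROCESS_DEBUG_PORT, @DebugPort,
          SizeOf(DebugPort), @Returned) >= 0) and (DebugPort <> nil) then
        Result := True;
    end;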

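    // Queries information class $1E of the current process through ntdll's
    // ZwQueryInformationProcess; the original author describes it as the handle
    // of the "debug object" that Windows XP creates for a debugged process.
    // Returns True only when the query succeeds and hands back a non-zero
    // handle. Returns False when ntdll or the export cannot be resolved or the
    // query fails.
    function FD_NtQueryInfoProc_DbgObjHandle(): Boolean;
    type
      TQueryInformationProcess = function(ProcessHandle: THandle;
        InformationClass: ULONG; Information: Pointer;
        InformationLength: ULONG; ReturnLength: PULONG): Longint; stdcall;
    const
      PROCESS_DEBUG_OBJECT_HANDLE = $1E;
    var
      QueryFn: TQueryInformationProcess;
      NtDll: THandle;
      DebugObject: THandle;
      Returned: ULONG;
    begin
      Result := False;
      // GetModuleHandle signals failure with 0, not INVALID_HANDLE_VALUE.
      NtDll := GetModuleHandle('ntdll.dll');
      if NtDll = 0 then Exit;
      @QueryFn := GetProcAddress(NtDll, 'ZwQueryInformationProcess');
      if not Assigned(QueryFn) then Exit;
      // Start from 0 so that a failed query is never misread as "handle present".
      DebugObject := 0;
      Returned := 0;
      // A negative NTSTATUS means the query failed and the buffer is not valid.
      if (QueryFn(GetCurrentProcess, PROCESS_DEBUG_OBJECT_HANDLE, @DebugObject,
          SizeOf(DebugObject), @Returned) >= 0) and (DebugObject <> 0) then
      begin
        // The returned handle belongs to this process; close it so that
        // repeated checks do not leak handles.
        CloseHandle(DebugObject);
        Result := True;
      end;
    end;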

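    // Queries the undocumented ProcessDebugFlags information class ($1F) of the
    // current process through ntdll's ZwQueryInformationProcess. According to
    // the original author the returned value is false (0) when a debugger is
    // present.
    // Returns True only when the query succeeds and the returned value is 0.
    // Returns False when ntdll or the export cannot be resolved or the query
    // fails.
    function FD_NtQueryInfoProc_DbgFlags(): Boolean;
    type
      TQueryInformationProcess = function(ProcessHandle: THandle;
        InformationClass: ULONG; Information: Pointer;
        InformationLength: ULONG; ReturnLength: PULONG): Longint; stdcall;
    const
      PROCESS_DEBUG_FLAGS = $1F;
    var
      QueryFn: TQueryInformationProcess;
      NtDll: THandle;
      DebugFlags: ULONG;
      Returned: ULONG;
    begin
      Result := False;
      // GetModuleHandle signals failure with 0, not INVALID_HANDLE_VALUE.
      NtDll := GetModuleHandle('ntdll.dll');
      if NtDll = 0 then Exit;
      @QueryFn := GetProcAddress(NtDll, 'ZwQueryInformationProcess');
      if not Assigned(QueryFn) then Exit;
      // Zero is the "debugged" answer, so start from a non-zero value: a query
      // that fails or is unsupported must not be read as "debugger present".
      DebugFlags := 1;
      Returned := 0;
      // A negative NTSTATUS means the query failed and the buffer is not valid.
      if (QueryFn(GetCurrentProcess, PROCESS_DEBUG_FLAGS, @DebugFlags,
          SizeOf(DebugFlags), @Returned) >= 0) and (DebugFlags = 0) then
        Result := True;
    end;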

    // Tests whether the process can open the process identified by csrssPid
    // (the caller is expected to pass the process ID of CSRSS.EXE) with
    // PROCESS_ALL_ACCESS. The original author uses this as a check for whether
    // SeDebugPrivilege has been obtained.
    // Returns True when OpenProcess succeeds, False otherwise.
    // NOTE(review): any process that legitimately holds the privilege will also
    // return True here, and the commented-out caller in this unit hard-codes the
    // PID as 916 - the PID has to be looked up at run time.
    function FD_SeDebugPrivilege(csrssPid: THandle): Boolean;
    var
      processHandle: Cardinal;
    begin
      processHandle := OpenProcess(PROCESS_ALL_ACCESS, false, csrssPid);
      Result := processHandle <> 0;
      // Only the success of the open matters; release the handle straight away.
      if Result then
        CloseHandle(processHandle);
    end;

    // Looks for top-level windows whose class name belongs to a known debugger
    // or disassembler. Returns True as soon as one is found, False if none is.
    // The check only shows that such a tool is open on the desktop, not that it
    // is attached to this process, and it misses any tool whose window class is
    // not in the list.
    function FD_Find_Debugger_Window(): Boolean;
    const
      // One entry per tool, in the order the original probed them:
      // ollydbg v1.1, ollyice pe--diy, ollydbg, windbg, dede3.50, IDA5.20
      KNOWN_CLASSES: array [0..5] of PChar = ('icu_dbg', 'pe--diy', 'ollydbg',
        'WinDbgFrameClass', 'TDeDeMainForm', 'TIdaWindow');
    var
      idx: Integer;
    begin
      Result := False;
      for idx := Low(KNOWN_CLASSES) to High(KNOWN_CLASSES) do
        if FindWindow(KNOWN_CLASSES[idx], nil) <> 0 then
        begin
          // First hit decides; the remaining classes are not probed.
          Result := True;
          Break;
        end;
    end;

    // Passes an invalid handle value to CloseHandle() and checks whether that
    // triggers an EXCEPTION_INVALID_HANDLE (0xc0000008) exception.
    // Returns True when the call raises, False when it simply returns.
    // NOTE(review): $00001234 is an arbitrary value; if the process happens to
    // own a handle with that value, this call would close it - confirm that the
    // chosen value can never be a live handle.
    function FD_Exception_Closehandle(): Boolean;
    begin
      Result := False;
      try
          CloseHandle($00001234);
      except
          // Reached only when CloseHandle raised instead of returning an error.
          Result := True;
      end;
    end;

    // int 3 check: installs a temporary SEH handler, executes int 3 and looks at
    // whether the handler ran. The handler writes $ffffffff into the saved EAX;
    // if EAX is still 0 after the int 3, the breakpoint exception never reached
    // this handler and the function returns True (debugger assumed).
    // 32-bit x86 only.
    // NOTE(review): the @IsDebug and @exit paths unwind with their own
    // "mov esp,ebp / pop ebp / ret", which assumes the compiler built a standard
    // EBP frame for this function and needs no other cleanup - verify in the
    // disassembly.
    function FD_Exception_Int3(): Boolean;
    begin
          asm
            mov @result, 0
            push offset @exception_handler //set exception handler
            push dword ptr fs:[0h]         //link to the previous SEH record
            mov dword ptr fs:[0h],esp
            xor eax,eax       //reset the flag (EAX), then invoke int 3
            int 3h
            pop dword ptr fs:[0h] //restore exception handler
            add esp,4             //drop the handler address pushed above
            test eax,eax // check the flag
            je @IsDebug  // EAX still 0: our handler was never called
            jmp @exit
          @exception_handler:
            mov eax,dword ptr [esp+$c]//EAX = ContextRecord
            mov dword ptr [eax+$b0],$ffffffff//set flag (ContextRecord.EAX)
            inc dword ptr [eax+$b8]//advance ContextRecord.EIP by one byte
            xor eax,eax               //handler returns 0 in EAX
            ret
          @IsDebug:
            xor eax,eax
            inc eax      // return value 1 (True) in EAX
            mov esp,ebp
            pop ebp
            ret
          @exit:
            xor eax,eax  // return value 0 (False) in EAX
            mov esp,ebp
            pop ebp
            ret
          end;
    end;

    // Calls OutputDebugString with an empty string and inspects the thread's
    // last-error value afterwards.
    // Returns True when GetLastError reports 0, False otherwise.
    // NOTE(review): the last-error value is not set to a known value before the
    // call, so the result also depends on whatever earlier API call left there -
    // verify that this distinguishes a debugged run on the Windows versions you
    // target.
    function FD_OutputDebugString(): boolean;
    begin
      OutputDebugString('');
      Result := GetLastError = 0;
    end;

    // Checks whether selected position, size and fill-attribute fields of the
    // STARTUPINFO structure are zero.
    // Returns True only when all seven inspected fields are non-zero.
    // NOTE(review): the fields are combined with "and", so a single zero field
    // yields False - confirm that "all non-zero" rather than "any non-zero" is
    // the intended condition.
    function FD_Check_StartupInfo(): Boolean;
    var
      startInfo: STARTUPINFO;
    begin
      FillChar(startInfo, SizeOf(startInfo), 0);
      startInfo.cb := SizeOf(startInfo);
      GetStartupInfo(startInfo);
      // Equivalent to "every field <> 0": False as soon as one field is zero.
      Result := not ((startInfo.dwX = 0)
        or (startInfo.dwY = 0)
        or (startInfo.dwXCountChars = 0)
        or (startInfo.dwYCountChars = 0)
        or (startInfo.dwFillAttribute = 0)
        or (startInfo.dwXSize = 0)
        or (startInfo.dwYSize = 0));
    end;

    // int 2dh check: executes int 2dh inside a try block.
    // If the interrupt raises an exception that reaches this function, the
    // except branch returns False. If execution simply continues past the
    // interrupt, Result is set to 1 (True).
    // 32-bit x86 inline assembly only.
    function FD_INT_2d(): Boolean;
    begin
      try
          asm
            int 2dh
            inc eax //padding: any single-byte opcode works here.
                    //Alternatively, some junk code can be placed here,
                    //"0xc8"..."0xc2"..."0xe8"..."0xe9"
            mov @result, 1
          end;
      except
          Result := false;
      end;
    end;

    // A more recent anti-debugging trick (per the original author): a nested
    // int 3 / SEH sequence. The outer int 3 is expected to reach @e_handler,
    // which raises a second int 3 that is expected to reach @e_handler1.
    // @e_handler1 copies Context.Dr0 into the saved EAX, and that value is then
    // propagated back to the main path, which tests EAX: 0 leads to @IsDebug,
    // anything else to @Exit.
    // 32-bit x86 only.
    // NOTE(review): pushfd places an extra dword on the stack before the pop
    // that is meant to restore fs:[0]; as written that pop appears to take the
    // saved flags rather than the previous SEH link - verify the intended stack
    // layout.
    // NOTE(review): both exits return with their own "mov esp,ebp / pop ebp /
    // ret", bypassing the compiler's epilogue; whether the value written through
    // @result reaches the caller depends on how the compiler allocates Result -
    // verify in the disassembly.
    function FS_OD_Int3_Pushfd(): Boolean;
    begin
      asm
          push offset @e_handler //set exception handler
          push dword ptr fs:[0h]
          mov dword ptr fs:[0h],esp
          xor eax,eax //reset EAX, then invoke int 3
          int 3h
          pushfd
          nop
          nop
          nop
          nop
          pop dword ptr fs:[0h]  //restore exception handler
          add esp,4

          test eax,eax  //check the flag
          je @IsDebug
          jmp @Exit

    @e_handler:
          push offset @e_handler1  //set exception handler
          push dword ptr fs:[0h]
          mov dword ptr fs:[0h],esp
          xor eax,eax  //reset EAX, then invoke int 3
          int 3h
          nop
          pop dword ptr fs:[0h]  //restore exception handler
          add esp,4
          mov ebx,eax  //value delivered by @e_handler1 (Dr0) => EBX
          mov eax,dword ptr [esp+$c]     //EAX = ContextRecord
          inc dword ptr [eax+$b8]        //advance ContextRecord.EIP by one byte
          mov dword ptr [eax+$b0],ebx  //Dr0 value => ContextRecord.EAX
          xor eax,eax
          ret

    @e_handler1:
          mov eax,dword ptr [esp+$c]     //EAX = ContextRecord
          inc dword ptr [eax+$b8]        //advance ContextRecord.EIP by one byte
          mov ebx,dword ptr[eax+$04]     //EBX = ContextRecord.Dr0
          mov dword ptr [eax+$b0],ebx  //Dr0 => ContextRecord.EAX
          xor eax,eax
          ret

    @IsDebug:
          mov @result, 1
          mov esp,ebp
          pop ebp
          ret
      @Exit:
          mov esp,ebp
          pop ebp
          ret
      end;
    end;

    // int 1 check: installs a temporary SEH handler, executes int 1 and looks at
    // whether the handler ran. The handler writes 1 into the saved EAX; if EAX
    // is still 0 afterwards, the exception never reached this handler and the
    // code branches to @IsDebug.
    // 32-bit x86 only.
    // NOTE(review): @IsDebug writes 1 through @result but then returns with its
    // own "mov esp,ebp / pop ebp / ret" while EAX is still 0; whether the caller
    // sees True depends on how the compiler allocates Result - verify in the
    // disassembly.
    function FS_SI_Exception_Int1(): Boolean;
    begin
      asm
          mov @result, 0
          push offset @eh_int1 //set exception handler
          push dword ptr fs:[0h]
          mov dword ptr fs:[0h],esp
          xor eax,eax  //reset flag (EAX), then invoke int 1
          int 1h
          pop dword ptr fs:[0h] //restore exception handler
          add esp,4
          test eax, eax  // check the flag
          je @IsDebug
          jmp @Exit

    @eh_int1:
          mov eax,[esp+$4]           //EAX = first handler argument (exception record)
          mov ebx,dword ptr [eax]    //EBX = its first dword; not used afterwards
          mov eax,dword ptr [esp+$c] //EAX = ContextRecord
          mov dword ptr [eax+$b0],1 //set flag (ContextRecord.EAX)
          inc dword ptr [eax+$b8] //advance ContextRecord.EIP ...
          inc dword ptr [eax+$b8] //... by two bytes in total
          xor eax, eax
          ret
      @IsDebug:
          mov @result, 1
          mov esp,ebp
          pop ebp
          ret
      @Exit:
          xor eax, eax
          mov esp,ebp
          pop ebp
          ret
      end;
    end;

    // Detects hardware breakpoints from inside an exception handler: raises
    // int 1 under a temporary SEH handler, and the handler inspects the debug
    // registers Dr0-Dr3 saved in the CONTEXT record. If any of them is non-zero
    // it writes $FFFFFFFF into the saved EAX, which the main path then sees as
    // "breakpoint found".
    // 32-bit x86 only (CONTEXT offsets $04..$10, $b0 and $b8 are hard-coded).
    // NOTE(review): both exits return with their own "mov esp,ebp / pop ebp /
    // ret", bypassing the compiler's epilogue; whether the value written through
    // @result reaches the caller depends on how the compiler allocates Result -
    // verify in the disassembly.
    function FB_HWBP_Exception(): Boolean;
    begin
      asm
          push offset @exeception_handler //set exception handler
          push dword ptr fs:[0h]
          mov dword ptr fs:[0h],esp
          xor eax,eax  //reset EAX, then invoke int 1
          int 1h
          pop dword ptr fs:[0h]  //restore exception handler
          add esp,4
          test eax,eax  //test if EAX was updated (breakpoint identified)
          jnz @IsDebug
          jmp @Exit

    @exeception_handler:
          mov eax,dword ptr [esp+$c]  //EAX = CONTEXT record
          //check if Debug Registers Context.Dr0-Dr3 is not zero
          cmp dword ptr [eax+$04],0   //Dr0
          jne @hardware_bp_found
          cmp dword ptr [eax+$08],0   //Dr1
          jne @hardware_bp_found
          cmp dword ptr [eax+$0c],0   //Dr2
          jne @hardware_bp_found
          cmp dword ptr [eax+$10],0   //Dr3
          jne @hardware_bp_found
          jmp @exception_ret
      @hardware_bp_found: //set Context.EAX to signal breakpoint found
          mov dword ptr [eax+$b0],$FFFFFFFF
      @exception_ret:       //set Context.EIP upon return
          inc dword ptr [eax+$b8] //advance ContextRecord.EIP ...
          inc dword ptr [eax+$b8] //... by two bytes in total
          xor eax,eax
          ret
      @IsDebug:
          mov @result, 1
          mov esp,ebp
          pop ebp
          ret
      @Exit:
          xor eax, eax
          mov esp,ebp
          pop ebp
          ret
      end;
    end;
    end.
     
  13. ral
    Offline

    ral DF Member

     
  14. roma89
    Offline

    roma89 Guest

    RE:

    Merciii
     
  15. RcXXcR
    Offline

    RcXXcR Guest

    RE:

    thanks
    very2 simple :D
     
  16. peyman1
    Offline

    peyman1 Guest

    RE:

    thanks
     
  17. leoplusma
    Offline

    leoplusma DF Junior

    quite interesting... thank u for this, will check it out :heart:
     
  18. darkvadr
    Offline

    darkvadr DF Member

    RE:

    Unfortunately, these are all old tricks... and if you use them "out of the box", bypassing all of them will be a matter of 10 minutes.
    You can use them, but be creative. Checking a boolean is not secure, as one only has to change 1 bit to change the test condition in ASM :)
    Alternatively, one can also quite easily set a timer's Enabled to false...
    And do not close the software or make the debugger crash...
    You'd better make the reverser take a walk through a very
    complicated subprogram that calculates probabilities
    of something useless but mathematically interesting...
    Using parallel threads... he he he ...
    And checksum from time to time inside dummy crypto-like functions...
    You can also use binary obfuscation. That will make dead line debugging a pain in the ass, if you forgive the triviality of the expression.
    Home made packers.
    and virtual machines.
    The goal is not to make the software unbreakable,
    The goal is to make it stronger than the nervous system of the cracker.
    As for SoftICE and its derivatives/mods: it's not used anymore.

    For example

    // Annotated copy of SoftIceVXDDetected from the first post. The inline
    // comments are the reply author's notes on why this check cannot succeed on
    // NT-based Windows: the int $2F raises an exception there, so only the
    // except branch (False) ever runs.
    function SoftIceVXDDetected: Boolean;
    begin
    try
    asm
    push esi //save (prologue)
    push edi
    mov ax, $1684 //<---ax register, so we work in 16 bits
    mov bx, $0202 // VXD ID for SoftIce <--- Good luck finding this signature inside an NT kernel
    xor di, di
    mov es, di
    int $2F //<---Are you kidding? You hope to use an int 2F interrupt on an NT kernel??? Exception here.
    //unless you find a gateway to ring 0 (but it will be useless anyway in this case)
    mov ax, es
    add di,ax
    cmp di, 0
    jne @@softice_detected //Will never happen since XP (or NT 4)
    mov ax, 0
    jmp @@exit
    @@softice_detected:
    mov ax, 1 //No: AX will always be 0
    @@exit:
    pop edi //restore (epilogue)
    pop esi
    end;
    except
    // Not hooked
    result:=False; // Of course...
    end;
    end;
    //------------

    can (should) be skipped unless you work with a non-NT kernel (DOS/Windows 95/98/98SE/ME),
    since drivers are not VxDs anymore, and systems are not 16-bit anymore.
    And there's a separation between kernel land and user land.

    just for the beauty of the talk about binary obfuscation:
    https://www.youtube.com/watch?v=iva16Bg5imQ

    You can also check this project
    http://adf.ly/3114392/http://leetupload.com/database/Win32/Sources/Delphi/DllMemoryLoader.zip

    that is a very good starting point to make the reverser's job harder, using this technique to implement the anti-debug code.
     
  19. dxndx
    Offline

    dxndx DF Member

    RE:

    thanks
     
  20. ROBSMI
    Offline

    ROBSMI Guest

    RE:

    thank you
     
