Is This A New Anti Debug Trick

May 28th, 2007, 20:02
Hi. OK, I've got a program that is packed by the UPolyX v0.5 * packer, and I have done many unpackings of this packer, but this program is a tricky one. It seems that I can't load it or attach to it with OllyDbg without it shutting itself down. It's like it knows when I start up Olly, and it won't even run if I have Olly started or even SoftICE loaded. Is there a way for me to hide my debugger from this sly one? I have not run into anything like this before. Any help will be welcomed.

May 29th, 2007, 01:01
Are you sure that it is UPolyX? More likely SD Protector, I guess...

May 29th, 2007, 19:21
Well, when I checked it with PEiD it says UPolyX v0.5 *. Maybe PEiD is wrong on this one, hmm. I'll try a few other scanners. Thanks for the info.

May 30th, 2007, 09:47
Try with RDG Packer Detector, but packer scanners are never absolutely sure, since they are based on sigs. Concerning the anti-debugging trick, did you try the classical Olly anti-anti-debug plug-ins? You should try to rename it, or even remote debugging.

May 30th, 2007, 17:57
Yeah, I did try the RDG scanner and it tells me that it's (Themida v1.0.0.5). Not too sure what that is; I can't find too much info on it outside of it being a file compressor or shrinker. And I did try all the anti-debug tricks that I know of, outside the remote debugging; not too sure how to do this type of debugging. I'll figure it out one day, I always do somehow, lol. Thanks for all your guys' input on this. If you like, I can send the file to you, it's a small file and you can have a look at it, or PM me and I can send you the link to get it. It's a shareware program.

June 1st, 2007, 03:30
Sorry, but as the FAQ clearly states, asking others to do your job or giving a link, name or copy of a shareware is against the rules. Do not cross the line or mods will make you glow in the dark.

As said, PE scanners are not entirely reliable since they're based on packer signatures. The better way is to get your hands in. Which is not easy.
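
An added illustration, not part of the thread: why two signature-based scanners can name different packers for the same file, as happened above with PEiD and RDG. The signature entries, packer names and entry-point bytes below are constructed for the example and are not real PEiD or RDG database entries.

```python
# Added example: PEiD-style entry-point signature matching on constructed bytes.
from typing import Dict, List, Optional

Pattern = List[Optional[int]]  # None marks a "??" wildcard byte


def parse_sig(text: str) -> Pattern:
    """Turn '60 E8 ?? ?? 5D' into [0x60, 0xE8, None, None, 0x5D]."""
    return [None if tok == "??" else int(tok, 16) for tok in text.split()]


def matches(ep_bytes: bytes, pattern: Pattern) -> bool:
    """True if every fixed byte of the pattern equals the entry-point byte."""
    if len(ep_bytes) < len(pattern):
        return False
    return all(p is None or p == b for p, b in zip(pattern, ep_bytes))


def specificity(pattern: Pattern) -> int:
    """Number of fixed bytes: a rough measure of how much a hit proves."""
    return sum(p is not None for p in pattern)


def scan(ep_bytes: bytes, db: Dict[str, Pattern]) -> List[str]:
    """Return every signature name that matches, most specific first."""
    hits = [(specificity(p), name) for name, p in db.items() if matches(ep_bytes, p)]
    return [name for _, name in sorted(hits, reverse=True)]


# Constructed signature databases for two hypothetical scanners.
SCANNER_A = {"PackerX (short sig)": parse_sig("60 E8 ?? ?? ?? ?? 5D")}
SCANNER_B = {
    "PackerX (long sig)": parse_sig("60 E8 ?? ?? ?? ?? 5D 81 ED ?? ?? ?? ?? 8B C5"),
    "ProtectorY": parse_sig("60 E8 ?? ?? ?? ?? 5D 50 51 52 53"),
}

# Constructed entry-point bytes of a file protected by the hypothetical "ProtectorY".
SAMPLE_EP = bytes.fromhex("60 E8 00 00 00 00 5D 50 51 52 53 90 90 90")

if __name__ == "__main__":
    print("scanner A:", scan(SAMPLE_EP, SCANNER_A))  # short sig: only 3 fixed bytes
    print("scanner B:", scan(SAMPLE_EP, SCANNER_B))  # longer sigs disambiguate
```

Scanner A's signature fixes only three bytes of a common stub prologue, so it reports "PackerX" for a file that scanner B's longer signatures attribute to a different protector.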

June 15th, 2007, 10:15
Themida is a cryptor, from what I know...

Makes files very big... changes a hell of a lot :-)