FYI: there is a new plugin (http://newgre.net/idastealth) for IDA Pro, which aims to hide the IDA debugger from some anti-debugging tricks. It's still alpha and misses some features, but seems to work quite well.

http://newgre.net/idastealth

Edit: Urls don't seem to work, no matter if chec parse automaticall or insert them via the url button!?

Here you go. I'll also make an entry for the CRCETL, assuming it's not already there.

Actually, it was added to the CRCETL back on June 7, 2008!

http://www.woodmann.com/collaborative/tools/index.php/Category:IDA_Extensions

Regards,

Does this work for the anti IDA disassembly stuff? (IDA loops forever).

SiGiNT

it's only a plugin to hide a running debugger from various detection mechanisms, i.e there are no such countermeasures against anti-disassembly tricks.