Thread: morpheus anti-sice tricks

  1. #1
    ignatz
    Guest

    morpheus anti-sice tricks

    hi

    i read a previous thread about morpheus. I got a working dump using DeX but that's not all i'm interested in.

    first of all i'd like to understand the anti-sice tricks used by PeX better.

    i figured the int03-SEH trick (code02) as described by +Frog's Print & +Spath

    after this test there is at least one more, which i cannot elude.
    it works similar to the int03 seh.

    the difference is that the exception is generated by an invalid
    mov al, [ebx]
    generating an exception.

    the exception handler will return to exitprocess ;(

    if i bypass the faulty instruction i end up with a messagebox
    +--[PeX ...]----------------------------------+
    | unable to load library                      |
    +---------------------------------------------+
    (which seems fake to me.)

    and afterwards i'm pushed into exitprocess again. *darn*

    any help greatly appreciated
    farewell
    -Ignatz
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    SilberFuchs
    Guest

    Pex 0.99

    hi

    i have found one Sice-Check, this one you described, and nothing more, and the Progi starts without any problem...

    just tracing from Entrypoint a few lines

    "
    Each time you'll meet this trick, you'll see:
    -SI = 4647h
    -DI = 4A4Dh
    Which are the 'magic values' used by SoftIce.
    "

    i patched so: -si=0000 ......

    Ciao
    SilberFuchs
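The magic-value signature quoted in post #2, turned into a heuristic scanner for unpacked code; this is an added example, not part of the original thread. The function name, the 32-byte window and all sample bytes are assumptions constructed for illustration; the patterns are the standard x86 encodings of `mov si, 4647h` and `mov di, 4A4Dh`.

```python
# Added example: heuristic scan for the SoftICE magic-value loads quoted above.
# Names, window size and sample bytes are assumptions, not taken from PeX itself.

MOV_SI_MAGIC = bytes.fromhex("be4746")  # mov si, 4647h ('FG'); a 66h prefix precedes it in 32-bit code
MOV_DI_MAGIC = bytes.fromhex("bf4d4a")  # mov di, 4A4Dh ('JM')
INT3 = b"\xcc"
WINDOW = 32  # assumed max distance in bytes between the related instructions


def find_magic_checks(code: bytes, window: int = WINDOW) -> list[dict]:
    """Return offsets where both magic loads occur close together.

    int3_off is the first INT 3 opcode within `window` bytes after the
    later load, or None. Raw byte matching can hit data by coincidence,
    so treat results as candidates to confirm in a disassembler.
    """
    hits = []
    pos = code.find(MOV_SI_MAGIC)
    while pos != -1:
        di = code.find(MOV_DI_MAGIC, max(0, pos - window), pos + window)
        if di != -1:
            after = max(pos, di) + 3
            int3 = code.find(INT3, after, after + window)
            hits.append({"si_off": pos, "di_off": di,
                         "int3_off": int3 if int3 != -1 else None})
        pos = code.find(MOV_SI_MAGIC, pos + 1)
    return hits


# Constructed sample: nop padding, the two loads, int 3, jmp edx.
SAMPLE = bytes.fromhex("90909090" "66be4746" "66bf4d4a" "cc" "ffe2" "9090")
# Constructed sample with both immediates zeroed, like the si=0000 patch in this thread.
PATCHED = bytes.fromhex("90909090" "66be0000" "66bf0000" "cc" "ffe2" "9090")
# Constructed decoy: int 3 padding bytes only, no magic values.
PADDING = b"\xcc" * 16

if __name__ == "__main__":
    for name, blob in (("sample", SAMPLE), ("patched", PATCHED), ("padding", PADDING)):
        print(name, find_magic_checks(blob))
```

The scan only makes sense on code that is already decrypted in memory or dumped, since a packed section will not contain these bytes in the clear.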

  3. #3
    ignatz
    Guest
    hi

    i changed the
    int 03
    jmp edx

    to

    div al (al = 0 this will generate exception)
    nop
    ---
    i also tried the si = 0 trick but morpheus won't run.

    my version is 1.3.3
    strange thing.
    morpheus does also recognize TRW2000 and refuses to run although the sicedetection fails.

    thanks a lot
    farewell
    -Ignatz

  4. #4
    XICO2KX
    Guest

    I don't know if this helps, but on the link below you'll find some info about 12 different anti-SoftIce tricks...
    * http://217.128.240.230/cs/003.htm (CrackStore)

  5. #5
    Snatch
    Guest
    Ya I just unpacked the PEX and then I had Morpheus and Kazaa running with Softice loaded without a problem. It is simply the packer that checks for Softice which is pretty cool of it if you ask me.

    Snatch

  6. #6
    ignatz
    Guest
    actually,
    it's very nice that morpheus relies on the 100% secure pex encryption

    farewell
    -Ignatz

  7. #7
    SilberFuchs
    Guest

    morpheus 1.3.3

    hi

    i downloaded the version 1.3.3 and the patch works fine

    patch:

    mov si,0000
    mov di,0000

    Ciao
    SilberFuchs

  8. #8
    ignatz
    Guest
    still doesn't work for me ;(

    but thanks for your big help and support !

    maybe i'll figure it out some day.

    farewell
    -Ignatz