Results 1 to 9 of 9

Thread: [Plugin] Polymorphic Breakpoint

  1. #1
    Mattwood
    Guest

    [Plugin] Polymorphic Breakpoint

    Hi,

    I just released a new plugin for set special breakpoint.

    http://reverseengineering.online.fr/spip/article.php3?id_article=50 (Source are included)

    Cheers.

    Mattwood^FRET
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    Super Moderator
    Join Date
    Dec 2004
    Posts
    1,525
    Blog Entries
    15

    [Plugin] Polymorphic Breakpoint

    nice to see it here

  3. #3

    [Plugin] Polymorphic Breakpoint

    i try but don´t work for me, i don´t know if i use well, but i try with any polimorphic bp, put run, stop in a ACCESS VIOLATION , but when i pres shift +f9 for skip the exception and continue the program generate a error and crash.

    A little explanation of the method of use i think is necesary

    Ricardo Narvaja

  4. #4

    [Plugin] Polymorphic Breakpoint

    i try but don´t work for me, i don´t know if i use well, but i try with any polimorphic bp, put run, stop in a ACCESS VIOLATION , but when i pres shift +f9 for skip the exception and continue the program generate a error and crash.

    A little explanation of the method of use i think is necesary

    Ricardo Narvaja

  5. #5
    Mattwood
    Guest

    [Plugin] Polymorphic Breakpoint

    lol ricardo of course, look:

    With the first version of breakpoint we have :
    CALL unpatche.01006381
    FSUB ST(5),ST
    XOR DWORD PTR SS:[ESP],1337 ; <= EXCEPTION
    JMP NEAR DWORD PTR SS:[ESP] ; kernel32.7C816D4F

    Here the program crash because you need special caracteristic as WRITABLE

    So i created a second version of breakpoint
    The Stack Polymorphic breakpoint

    CALL unpatche.01006398
    PUSH 0FE21
    XOR BYTE PTR SS:[ESP],0CA
    JMP NEAR ESP

    The stack is writable and executable so i use it, it 's a better way.

    Mattwood^FRET
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  6. #6

    [Plugin] Polymorphic Breakpoint

    yes i see, when loop, pause, press minus to return to the bp adress, new origin here, quit bp and RUN.

    With this sequence pause and you can continue.

    Ricardo

  7. #7
    Mattwood
    Guest

    [Plugin] Polymorphic Breakpoint

    Yes for remove a breakpoint you need to pause ollydbg. And after go to the Polymorphic breakpoint manager



    Mattwood^FRET
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  8. #8
    odshell
    Guest

    [Plugin] Polymorphic Breakpoint

    To Mattwood:

    From your readme.txt:
    [i]
    The way of the plugin is to set a polymorphic EBFE likes :

    00DE321C . E8 02000000 CALL 0x90f.00DE3223
    00DE3221 . DCED FSUB ST(5),ST
    00DE3223 &#036; 813424 371300>XOR DWORD PTR SS:[ESP],1337
    00DE322A .- FF2424 JMP NEAR DWORD PTR SS:[ESP]

    Here the routine decrypt DCED with 1337 and the word at [00DE3221] = EBFE, but this way need to special right : the section must be writable.
    /[i]

    Did you test it?Your code is wrong.
    [ESP]=00DE3221,
    [[ESP]]=[00DE3221]=EDDC
    So "XOR DWORD PTR SS:[ESP],1337" is what meaning?Doesn't worked.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  9. #9
    Mattwood
    Guest

    [Plugin] Polymorphic Breakpoint

    OMFG Thanks you odshell

    I corrected it

    You can download the news version at http://reverseengineering.online.fr/spip/article.php3?id_article=50
    I promise that I have read the FAQ and tried to use the Search to answer my question.

Similar Threads

  1. Polymorphic decryption/encryption
    By vect0r in forum The Newbie Forum
    Replies: 2
    Last Post: August 14th, 2008, 14:44
  2. Breakpoint on module
    By Stcruxenio in forum OllyDbg Support Forums
    Replies: 3
    Last Post: October 24th, 2005, 01:29
  3. Breakpoint problem
    By Fuel in forum OllyDbg Support Forums
    Replies: 1
    Last Post: September 26th, 2005, 07:45
  4. Breakpoint
    By TrainingDay in forum The Newbie Forum
    Replies: 12
    Last Post: March 13th, 2005, 01:59
  5. Breakpoint issue
    By helloword in forum OllyDbg Support Forums
    Replies: 1
    Last Post: February 7th, 2003, 07:55

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •