1. Introduction

 

In my previous tutorial [1] on HASP SL (6.41.95) I demonstrated how to easily find the OEP, then dump and rebuild the target application. The main goal of this tutorial is a more in-depth analysis: how to manually bypass the anti-debug feature, how to find out which version you are dealing with, and so on. This tutorial also includes a flash movie of the manual handiwork described here: dodging the anti-debug, finding the OEP, dumping and rebuilding. All done in about 2.5 minutes! So are you ready? Got your gear?

 

Beer? Check!

Peanuts? Check!

ImportRec? Check!

OllyDbg? CHECK!

 

Alrighty then.. Let’s go!

 

 

2. Acquiring The Target Application

 

The example target can be downloaded from the minitab site:

 

 

3. Manually Dodging The Anti-Debug Tricks

 

Ok, to make things a little more of a ‘sport’ I will not use any anti-debug plug-ins but rather dodge the checks manually using some tricks. Right, if we were to load our executable into Olly and run it, we would get something like this:

Figure 1.1 Ugly “Badboy, keep your debugger out, please”-screen (for you Lena)

 

Obviously our attempt to look into the code has stirred up some angry feelings among certain protector developers. Setting a breakpoint on IsDebuggerPresent will do the trick here, won’t it? Let’s try!

Ok, we break all right, and EAX is 1 (debugger present).