hasherezade/tiny_tracer

INT2D

Closed this issue · 2 comments

OmuZer commented

Hi, I have a program which is using INT2D for anti-debug. And while running tiny_tracer under the application I confirmed it's INT2D anti-debug... Is there any workaround to this? Thanks. EDITED (I saw the hide branch, but it seems the INT2D flag is not cleared.)

Hi @OmuZer!
I added logging about those interrupts. Example:

cbbd;kernel32.SetLastError
10133;ntdll.RtlLeaveCriticalSection
8dcc;INT:2d
1011f;ntdll.RtlEnterCriticalSection

Once you have it tagged, you can just patch it out.
For now I am not planning on adding automatic bypasses for any AntiDebug techniques, only to inform about them. Maybe in the future.
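
An added example, not part of the original comment or of tiny_tracer itself: a small parser for trace lines in the `RVA;tag` layout shown above that lists each logged interrupt site with its hit count and the API calls recorded around it, so the tagged instruction can be located in a disassembler. The sample input is constructed; the `INT:3` record and the reading of the hex value after `INT:` as the interrupt vector are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the "RVA;tag" layout shown in the comment above.
# The INT:3 record and the junk line are made up for illustration.
SAMPLE_TAGS = """\
cbbd;kernel32.SetLastError
10133;ntdll.RtlLeaveCriticalSection
8dcc;INT:2d
1011f;ntdll.RtlEnterCriticalSection
8dcc;INT:2d
9a10;INT:3
not a trace line
"""

LINE_RE = re.compile(r"^([0-9a-fA-F]+);(.+)$")   # hex RVA, then the tag
INT_RE = re.compile(r"^INT:([0-9a-fA-F]+)$")     # assumed: hex interrupt vector


def parse_tags(text):
    """Return (rva, tag) pairs; lines that do not match RVA;tag are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            records.append((int(m.group(1), 16), m.group(2).strip()))
    return records


def interrupt_sites(records):
    """Group interrupt records by (vector, RVA): hit count plus nearest API calls."""
    sites = defaultdict(lambda: {"hits": 0, "prev": None, "next": None})
    for i, (rva, tag) in enumerate(records):
        m = INT_RE.match(tag)
        if not m:
            continue
        site = sites[(int(m.group(1), 16), rva)]
        site["hits"] += 1
        if site["hits"] == 1:  # keep the context of the first hit only
            before = [t for _, t in records[:i] if not INT_RE.match(t)]
            after = [t for _, t in records[i + 1:] if not INT_RE.match(t)]
            site["prev"] = before[-1] if before else None
            site["next"] = after[0] if after else None
    return dict(sites)


if __name__ == "__main__":
    for (vector, rva), info in sorted(interrupt_sites(parse_tags(SAMPLE_TAGS)).items()):
        print(f"INT {vector:#04x} at RVA {rva:#x}: {info['hits']} hit(s), "
              f"after {info['prev']}, before {info['next']}")
```
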

OmuZer commented

@hasherezade, sorry for the late reply. I was busy, but I saw that commit for the logging of "interrupts instructions"; that is very helpful, thanks so much! I really appreciate it :).