INT2D
Closed this issue · 2 comments
OmuZer commented
Hi, i have a program which is using the INT2D for anti debug. And while running tiny_tracer under the application i confirmed its INT2D anti debug.... Is there any workaround to this? Thanks. EDITED (I saw the hide branch, but it seems so the INT2D flag is not cleared.)
hasherezade commented
hi @OmuZer !
I added logging about those interrupts. Example:
cbbd;kernel32.SetLastError
10133;ntdll.RtlLeaveCriticalSection
8dcc;INT:2d
1011f;ntdll.RtlEnterCriticalSection
Once you have it tagged, you can just patch it out.
For now I am not planning on adding automatic bypasses for any AntiDebug techniques, only to inform about them. Maybe in the future.
OmuZer commented
@hasherezade, Sorry for the late reply. I was busy, but i saw that commit for the logging of "interrupts instructions" that is very helpful, thanks so much! I really appreciate it :).