waliedassar

OllyDbg RaiseException Anti-Debug Trick

Nov 7th, 2012
//http://waleedassar.blogspot.com
//http://www.twitter.com/waleedassar
//In OllyDbg, upon receiving an EXCEPTION_BREAKPOINT, it checks the code at ExceptionAddress to ensure it is
//0xCC or similar. If it is not, the behavior depends on the OllyDbg version.
//In versions prior to 2.01, the exception is swallowed and the exception handler is not called.
//In version 2.01 (alpha 4), several error messages pop up and the process terminates.
//Only version 2.01 (beta 2) handles it properly.
//The following is code that exploits this bug to detect the presence of OllyDbg.
//Builds as 32-bit x86 with MSVC only (inline assembly, fs:[0] SEH chain).
#include "stdafx.h"
#include "windows.h"
#include "stdio.h"

//SEH handler: it only runs if the exception actually reaches the debuggee.
int __cdecl Hhandler(EXCEPTION_RECORD* pRec,void*,unsigned char* pContext,void*)
{
    if(pRec->ExceptionCode==EXCEPTION_BREAKPOINT)
    {
        //Offset 0xB8 in the x86 CONTEXT structure is Eip.
        (*(unsigned long*)(pContext+0xB8))++;
        MessageBoxA(0,"Expected","waliedassar",0);
        ExitProcess(0);
    }
    return ExceptionContinueSearch;
}
int main()
{
    //Install Hhandler as the top SEH frame of the current thread.
    __asm
    {
        push offset Hhandler
        push dword ptr fs:[0x0]
        mov dword ptr fs:[0x0],esp
    }
    //Breakpoint exception raised in software: there is no 0xCC at ExceptionAddress.
    RaiseException(EXCEPTION_BREAKPOINT,0,1,0);
    //Reached only if the exception was swallowed: remove the SEH frame.
    __asm
    {
        pop dword ptr fs:[0x0]
        pop eax
    }
    MessageBoxA(0,"OllyDbg Detected","waliedassar",0);
    return 0;
}
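
Added example, not part of the original paste and not OllyDbg's code: a portable C sketch of the debugger-side decision the comments describe, showing a handler that consumes only breakpoints it planted itself and labels a breakpoint exception with no 0xCC at ExceptionAddress as raised in software. The names `dbg_state`, `bp_kind`, `bp_decision` and `on_exception`, the sample addresses, and the policy of forwarding every breakpoint the debugger does not own are assumptions of this sketch; only the single-byte 0xCC encoding is checked.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Win32 constant values, defined locally so this builds off Windows. */
#define EXCEPTION_BREAKPOINT      0x80000003u
#define DBG_CONTINUE              0x00010002u
#define DBG_EXCEPTION_NOT_HANDLED 0x80010001u

typedef enum { BP_NOT_BREAKPOINT, BP_OWN, BP_HARDCODED_INT3, BP_SYNTHETIC } bp_kind;
typedef struct { bp_kind kind; uint32_t status; } bp_decision;
/* Hypothetical debugger state: a snapshot of debuggee memory starting at
   `base`, plus the addresses where the debugger itself wrote 0xCC. */
typedef struct {
    const uint8_t *mem; uint32_t base; size_t len;
    const uint32_t *own_bps; size_t n_bps;
} dbg_state;

/* Constructed sample: own breakpoint at 0x401001, hard-coded int3 at 0x401003. */
static const uint8_t  SAMPLE_MEM[] = { 0x90, 0xCC, 0x90, 0xCC };
static const uint32_t SAMPLE_BPS[] = { 0x401001u };
static const dbg_state SAMPLE = { SAMPLE_MEM, 0x401000u, sizeof SAMPLE_MEM, SAMPLE_BPS, 1 };

/* Decide how to continue after a first-chance exception at `addr`. */
bp_decision on_exception(const dbg_state *d, uint32_t code, uint32_t addr)
{
    bp_decision r = { BP_NOT_BREAKPOINT, DBG_EXCEPTION_NOT_HANDLED };
    if (code != EXCEPTION_BREAKPOINT)
        return r;
    for (size_t i = 0; i < d->n_bps; i++)
        if (d->own_bps[i] == addr) {   /* ours: the debugger consumes it */
            r.kind = BP_OWN;
            r.status = DBG_CONTINUE;
            return r;
        }
    /* Not ours: forward to the debuggee's handlers whatever the opcode is.
       The byte only labels the event; an address outside the snapshot
       (for example inside a system DLL) counts as "no int3 there". */
    int readable = addr >= d->base && (size_t)(addr - d->base) < d->len;
    r.kind = (readable && d->mem[addr - d->base] == 0xCC) ? BP_HARDCODED_INT3 : BP_SYNTHETIC;
    return r;
}

int main(void)
{
    /* 0x75000000 is a constructed stand-in for an address inside RaiseException. */
    bp_decision r = on_exception(&SAMPLE, EXCEPTION_BREAKPOINT, 0x75000000u);
    printf("kind=%d status=0x%08X\n", (int)r.kind, (unsigned)r.status);
    return 0;
}
```

A `BP_SYNTHETIC` result is also worth logging during analysis, since it marks a breakpoint exception that did not come from an int3 at the reported address.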