
Attaching HookLibraryx86 still being detected

Open pick opened this issue 6 years ago • 2 comments

Hi,

I am fairly new to reversing so I am sorry for the dumb questions that I am about to ask.

I am trying to reverse this program which has IsDebuggerPresent and CheckRemoteDebuggerPresent to protect against debugging. I used x32dbg and found that using the Obsidium profile will allow me to run the program without it picking up x32dbg. Now my main goal is to use ScyllaHide with other debugging software such as "Mega Dumper", "Smart assembly explorer", "dnSpy", and "fiddler".

I have looked through the manual, so I did use the InjectorCLIx86.exe program to attach the HookLibraryx86.dll file onto the program I am trying to crack. However, this only allows me to open the x32dbg debugger, and all of the other debuggers I would like to use are still detected by the program.

If anyone could shed some light on what I am doing wrong or how I can fix this it is appreciated!

pick, Jun 17 '19 05:06

Hi,

Are you using these programs to start debugging immediately, or are you injecting the hook DLL and then attaching the debugger afterwards?

There are some drawbacks to using the CLI compared to debugger plugins. For example, a debugger may change PEB variables such as BeingDebugged after the DLL has been injected by the CLI. This is mainly a problem when attaching though.

Mattiwatti, Jun 17 '19 09:06

I have the same problem. I execute the program I want to attach to outside of x64dbg, then I go to ScyllaHide -> Attach process.

I get a C00000005 exception and the process detects ScyllaHide + exits instantly after.

brandonros, Jun 23 '19 13:06