[Tut] BoI Bypass AntiDebugger

0xDEC0DE · 06/06/2010, 06:33

Apparently it doesn't work for others, but just follow the links especialy the unpacking VMprotect 2.0 and you'll be able to figure out the correct settings

Quote:

To bypass the anti-debugger functions of Battle of Immortals (which uses VMProtect V2.01) on WinXp 32bit I use the following setup on ollydbg 1.1. Please note that just because it works for me doesn't mean it will for you o.0

1) I setup Olly as the following

2) I use StrongOD and followed his/her instructions . Note, i didn't use CreateAsRestrict because it didn't work. Also for the latest dbghelp (as of atm) pw: moose

3) Lastly here's the settings i use for StrongOD

More Info, Useful Links
-
-
-

Notes
-Other Olly plugins might interfere with StrongOD, so you might have to disable them
-Game.exe is protected with vmProtect so any patching will have to made as runtime with a loader (i suggest dUp)
-I'm not any good at ollydbg, unpacking and the whatnot but I thought I would just dump this here to save people some time rather then having them find this on there own.
-I was only able to get this to work on Windows XP
-This is a rather confusing tutorials so if you have any questions i might be able to help, so feel free to ask.

0xDEC0DE · 06/06/2010, 06:35

Just though i'd dump this tutorial since i don't play anymore and it was just sitting on my HD. So enjoy~

konserwa · 06/06/2010, 20:01

for me its dont work

gerble93 · 06/07/2010, 05:47

Please post some form a proof that is isn't a virus.
And post some picture or video;;
using fraps, or hypercam
to prove that it works!
You can scan it at:

0xDEC0DE · 06/07/2010, 06:56

Quote:

Originally Posted by gerble93

Please post some form a proof that is isn't a virus.
And post some picture or video;;
using fraps, or hypercam
to prove that it works!
You can scan it at:

If you think that the dbghelp.dll file I uploaded is a virus go download it directly from microsoft at

. Howeverits wrapped into an iso that's about 600mb, just trying to save peeps the trouble of downloading the whole file.

Maybe i didn't make myself clear, but i only got it to bypass vmprotect on XP 32bit but that's because some anti-debugger plugins dont work 100% on win7. As for proof... well i didn't just magically know where the in-game functions were located at...

Quote:

Please note that just because it works for me doesn't mean it will for you o.0

Reality is that if you can't bypass this on your own, then you probably shouldn't be trying. That being said it took me a few days to figure it out since i'm a n00b, but i dont give up.

dwar · 06/07/2010, 08:18

bypassing anti-dbg and attaching the debugger is a common thing when you work with VMProtect. More advanced thing is a finding/fixing IAT.

Quote:

to prove that it works!

LCF-AT (author of the bypassing tutorial) method works

Huseby · 06/07/2010, 11:06

Quote:

Originally Posted by gerble93

Please post some form a proof that is isn't a virus.
And post some picture or video;;
using fraps, or hypercam
to prove that it works!
You can scan it at:

Hes clean, no worries.

Jamboo · 06/07/2010, 19:35

I'm not that noob at dissambling, but I've never used any plugins with ollydbg. How am I supposed to install this plugin? I've searched 30 mins on google and stuff, but can't find anything. I've already made some cool hacks for BOI such as speedhack, auto repair anywhere and my own bot. Thanks in advance

0xDEC0DE · 06/07/2010, 20:39

Quote:

Originally Posted by Jamboo

I'm not that noob at dissambling, but I've never used any plugins with ollydbg. How am I supposed to install this plugin? I've searched 30 mins on google and stuff, but can't find anything. I've already made some cool hacks for BOI such as speedhack, auto repair anywhere and my own bot. Thanks in advance

You put the plugin's .dll in the plugin folder, which is can be set in options > appearance > directories. Right now Ollydbg2.0 doesn't suppost plugins only 1.1 does

Jamboo · 06/07/2010, 21:17

Quote:

Originally Posted by 0xDEC0DE

You put the plugin's .dll in the plugin folder, which is can be set in options > appearance > directories. Right now Ollydbg2.0 doesn't suppost plugins only 1.1 does

thanks! so that's why I couldn't find it I kept browsing on the options and on the internet and couldnt find anything.

Lets see if this works on my 32bit XP Pro SP3

Edit: nah, doesn't work

Arcо · 06/08/2010, 09:00

Very nice tutorial indeed.

~~phantom23~~ · 07/27/2010, 01:45

Quote:

Originally Posted by Jamboo

thanks! so that's why I couldn't find it I kept browsing on the options and on the internet and couldnt find anything.

Lets see if this works on my 32bit XP Pro SP3

Edit: nah, doesn't work

i know that im new and this post is a bit old, but this is working, i get the game running with no messages from my vm with xp 32 bit, i have win 7 64 bit so its more complicate have the things working. thanx a lot for the tut. good luck
even i could run, i just use the orinigal ollydbg with the strongOD plugin.