A forum for reverse engineering, OS internals and malware analysis 

Discussion on reverse-engineering and debugging.
 #7285  by Flopik
 Thu Jul 14, 2011 11:49 pm
Is there a way to allow debug mode with Skype?
It froze the machine when launching in this mode. (I don't like that kind of protection; I still don't know how they crash the OS.)
 #7299  by EreTIk
 Fri Jul 15, 2011 1:47 pm
Flopik wrote: And why this is crashing the os?
Crash or freezing?
Flopik wrote: It froze the machine when launching in this mode
 #7301  by newgre
 Fri Jul 15, 2011 2:11 pm
Skype still has SoftICE protection code.
Apart from that: why do you think you need a kernel debugger anyway? I'd simply use Olly or IDA together with one of the usual debugger hiding plugins and you're done.
 #7303  by Flopik
 Fri Jul 15, 2011 2:20 pm
Froze, maybe I didn't wait long enough. I like to be able to have WinDbg in local kernel mode.
 #7307  by EreTIk
 Fri Jul 15, 2011 3:52 pm
For example, try executing this code:
    bool bDebuggerPresent;
    bDebuggerPresent = true;
    bDebuggerPresent = false;
Without DEBUG mode - normal, with DEBUG mode - hang.
This simple construction is used in some products (to detect a debugger), including Skype. Solution: a kernel-mode debugger or user-mode debugging of the target process (as described above).
 #8025  by r2nwcnydc
 Mon Aug 15, 2011 12:23 pm
aionescu wrote: You simply need to boot with /noumex and it will no longer freeze.
This is only valid for Windows Vista and later OSes. So if he is trying this on XP, /noumex will not work.