User(s) browsing this thread: 1 Guest(s)
Post Reply 
 
Thread Rating:
  • 0 Votes - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
MxO Client - Preventing Debugging (updated)
06-17-2009, 09:31 PM (This post was last modified: 06-19-2009 08:05 PM by Morpheus.)
Post: #1
MxO Client - Preventing Debugging (updated)
Note: this info is preliminar and not a 100% fact (yet)

Its possible to use a debugger to see how matrix works. It doesnt work in the end when ya need to see a full login example, because it stops randomly and doesnt go-on or make a jump to innaccesible memory addresses.

Just why and how?

Answer to the first part is obvious: self protect code
To the second part: looks like it got some antidebugger code just as follows:

Object "CLTEvilBlockingLoginObserver"
--> Method "WaitForEvent()"

Apart from the "evil" tag, if we search info about "WaitForEvent()" on c++ in google, we can see that method waits for an event (internal or not) to stop waiting and go-on. this could be done infinitely and just f... stops your debugger.

UPDATE:

As it was in some ways guessed, MxO client got anti-debugging meassures to assure itself that there is no one trying to reach its internal code.

This meassures can be bypassed using standard and public available plugins that make a masquerade to the debuggers on the market.

Using this method provides a full login sequence till world server, even debugging when playing.

[Image: morphsig1.png]
[Image: ubd8457.png]
http://twitter.com/johnkussack [twitter]
Find all posts by this user
Quote this message in a reply
06-19-2009, 08:06 PM
Post: #2
RE: MxO Client - Preventing Debugging (updated)
updated (see above)

[Image: morphsig1.png]
[Image: ubd8457.png]
http://twitter.com/johnkussack [twitter]
Find all posts by this user
Quote this message in a reply
06-29-2009, 05:09 AM
Post: #3
RE: MxO Client - Preventing Debugging (updated)
hah, nothing evil about CLTEvilBlockingLoginObserver
its just a login observer class that "blocks", which is considered "evil" in todays multithreaded applications
i have actually found the dll/exe to have very MINIMAL anti debug, its even compiled with some debugging info left in and some optimizations disabled (because its quite old, and they didnt care, and the class design is complex enough)
if you dont know what a "observer" is, then what are you doing reverse engineering this ?
http://en.wikipedia.org/wiki/Observer_pattern
Quote this message in a reply
06-29-2009, 05:36 AM
Post: #4
RE: MxO Client - Preventing Debugging (updated)
(06-29-2009 05:09 AM)rajkosto Wrote:  if you dont know what a "observer" is, then what are you doing reverse engineering this ?
Maybe we were waiting for you to bring us light.

Myself ever did any reversing, just doing this as playground / starting sandbox Confused.

So any help/guide/tutor appreciated xD.

To me was like a boolean:

Hidden debugger -> works
No hidden debugger -> fail

So.... that

[Image: morphsig1.png]
[Image: ubd8457.png]
http://twitter.com/johnkussack [twitter]
Find all posts by this user
Quote this message in a reply
Post Reply 


Forum Jump: