Ollydbg - bypass isDebuggerPresent


    Hey guys,

    I am trying to get into the game hacking scene (with big letters on "trying"). I already know programming, but I never had to use it to reverse engineer anything or find out how a program works while not having the source code.
    Now I did some research on how to find out what exactly you need to rewrite and find values you hack using CheatEngine and OllyDBG and I am trying it out on Maplestory (since apparently it is one of the easier games to hack, or so I have heard), but the protection that is running on Maplestory prevents me from running a debugger on it (which kind of makes sense from a company perspective).

    I was wondering if anyone could explain (or has a link) on how to bypass the detection you get from games/programs when you have a debugger active.

    I did some research and found out most programs that use this kind of protection use the isdebuggerPresent. Now I found a couple of older threads where they bypass this using ollydbg, but I can't seem to get it to work. Probably because these are outdated?

    Anyway, help is appreciated.

    You might want to try Immunity Debugger. I don't know if it will work, just a suggestion.


      You're trying to attach a debugger while it is running?


        I tried it, but that program doesn't even see the maplestory process and can't open the exe file either.

        Originally posted by SayHaiLo:
        You're trying to attach a debugger while it is running?
        I tried both while it was running and starting from scratch.
        If I start from scratch, the Maplestory start window won't even load, it just gives me an error that I have a debugger running.

        If I run the debugger while Maplestory is running, it will instantly kill the process.


          You use Cheat Engine to search for addresses, not Olly, but do they even let you run Cheat Engine as well?


            CheatEngine works just fine, and I can find single addresses for specific things and their origin address doesn't show anything when I search for values, but ollydbg allows me to run through their code and check things on the assembly code itself (in theory).
              I'm pretty sure there's a better way to run through the code with Cheat Engine: you can check what accesses the address and read the asm from there.
              You can also dump Maplestory.exe to get a full view of the code section but I don't think there is a way to "debug" it unless you have a bypass.

              You can also search around the forums for AOB (Area of Bytes or Signatures) that still work.

              Character Breath Count AOB for example still works: 83 B8 ?? ?? 00 00 00 7E ?? 6A 00 6A 00 6A 00 6A 00
                I suggest taking a look at tuts4you(dot)com


                  Cheers @Anonymous, this website was exactly the kind I was looking for.


                    You likely need to download a plugin for Olly which hooks isDebuggerPresent; I forget which one it is or whether it's just a setting you can change in Olly itself. If you're keen on trying to get past the detection using that func, hook it and return FALSE. But to be honest, I doubt that's the only thing Maple uses, not 100% sure.


                      I was able to hook it using ollydbg 1.10 (using Advanced ollydbg plugin), but it crashes after a few seconds, still figuring out why but at least I am a little further.

                      I read a post that ollydbg 2.xx was better, but I was unable to get the anti-anti debugger plugins to work (ScyllaHide, OllyExt) on the ollydbg 2.xx.

                      If this doesn't work I'll have to manually find out where exactly it crashes and see if I can skip the crash.

                      CheatEngine on the other hand doesn't work at all. I used to be able to run scripts on it, but now it just crashes with the detection because I don't have a bypass for it (even in the small window I have I can't seem to find any addresses). But that is a story for another time.

                      Still working my way through the tutorials from the link Anonymous gave me, so we are making progress.


