Unhooking Themida's anti-debugging feature
Yo. I need help with removing the hooks of themida. I need to use the windows' debugger so...
This is what I tried:
Code:
bool PatchBack()
{
HMODULE hModule = GetModuleHandle(TEXT("ntdll.dll"));
if (!hModule) return false;
DWORD address = (DWORD)GetProcAddress(hModule, "DbgBreakPoint");
if (!address) return false;
DWORD OldProtect;
if (*(BYTE*)address != 0xCC)// Not an int 3 instruction
{
if (!VirtualProtect((LPVOID)address, sizeof(BYTE), PAGE_EXECUTE_READWRITE, &OldProtect)) return false;
*(BYTE*)address = 0xCC;
VirtualProtect((LPVOID)address, sizeof(BYTE), OldProtect, &OldProtect);
}
address = (DWORD)GetProcAddress(hModule, "DbgUiRemoteBreakin");
if (!address) return false;
if (*(BYTE*)address != 0x6A)// Not a push instruction
{
const BYTE original[] = { 0x6A, 0x08, 0x68, 0x40, 0xBA, 0x12, 0x77 };
if (!VirtualProtect((LPVOID)address, sizeof(original), PAGE_EXECUTE_READWRITE, &OldProtect)) return false;
for (BYTE i = 0; i < sizeof(original); i++) ((BYTE*)address)[i] = original[i];
VirtualProtect((LPVOID)address, sizeof(original), OldProtect, &OldProtect);
}
return true;
}
The game is still closing immediately as soon as I call the DebugActiveProcess API.
Also the main reason for doing so is to make CE debugger work.