
Comment by Aurornis

4 months ago

> The packer contains some countermeasures, as partially described in this issue, to prevent the use of dynamic tools. Fortunately, these can be easily bypassed.

Does anyone have more details on this step? The linked issue is devoid of information and was closed because the person refused to release the technique publicly.

It's a rabbit hole, but try googling "anti-debugging" (you may want to include "ptrace" or not). That's only if you are curious about it more in general; if you are wondering about this specific protector (secneo?), then that won't help you much, sadly.

  • As I understood it, the protection talked about here is a bit different from ptracing your own processes, which is already talked about just above grandparent’s quoted statement.

    On that note, I’ll just remark how RE tutorials avoid talking about anything but the basics, and the advanced writeups handwave away the challenging parts, leaving a major void for learners.