Skype and Anti-Debugging protections
If you are one of the casual reversers like me and only reverse code when you feel you are wronged by a software manufacturer, skype should be the software for you.
I have a software installed on my machine and upon starting skype I got this interesting error:
So I set out on my hunt to find what instructions were being executed on my CPU (there’s nothing wrong with that …isn’t it?). I found that there was an interesting piece of code that was checking for the presence of debuggers. Specifically the presence of \\.\ntice which is the name of the service which CompuWare Device DriverStudio runs the debugger as. Click on the thumbnail below to look at the disassembly.
What was interesting was a simple JMPS instead of a JE could help someone change the way their CPU was behaving (i.e., not allowing skype to run).
As Stewie Griffin would say “Victory is mine!”.
No related posts.
