I wrote a simple anti-anti-debug tester,
playing with GetThreadContext/SetThreadContext,
reading DRx registers and zeroing them
(see adbg-getcontext.zip)
OllyDbg 1.10 fails this test.
It shows the DRx registers, allows zeroing them
and clearing all installed hardware breakpoints.
Dr0 o 0012FF78h
Dr1 o 00406AF4h
Dr2 o 00400000h
Dr3 o 00000000h
Dr6 o FFFF0FF0h
Dr7 o 0FFF0515h
Soft-Ice 4.0.5 running under w2k passes the test.
Dr0 o 00000000h
Dr1 o 00000000h
Dr2 o 00000000h
Dr3 o 00000000h
Dr6 o 00000000h
Dr7 o 00000000h
Soft-Ice 4.0.5 running under w2k running under VMWare 4.5 fails the test.
DRx registers look very strange even when no HW breakpoint is set up.
(However, Soft-Ice prevents removing HW breakpoints via SetThreadContext.)
Dr0 o BE85ADA8h
Dr1 o BE85AD94h
Dr2 o 7FFD0010h
Dr3 o 0012FC88h
Dr6 o 0012FCACh
Dr7 o 00000000h
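
Added example (not part of the original post or of adbg-getcontext.zip): a decoder for the Dr7 control word, run over the three register dumps above to show which of Dr0..Dr3 are actually armed. The struct and function names are hypothetical; the bit layout is the standard x86 DR7 layout.

```c
#include <stdint.h>
#include <stdio.h>

/* One decoded DR7 slot (hypothetical helper type, not from the post). */
struct hwbp {
    int enabled;        /* local (Ln) or global (Gn) enable bit set */
    unsigned rw;        /* 0=execute, 1=write, 2=I/O, 3=read/write */
    unsigned len_bytes; /* watched length in bytes */
};

/* Decode slot n (0..3): enable bits at 2n, R/W at 16+4n, LEN at 18+4n. */
struct hwbp decode_dr7_slot(uint32_t dr7, unsigned n)
{
    static const unsigned len_map[4] = { 1, 2, 8, 4 };
    struct hwbp bp;
    bp.enabled   = ((dr7 >> (2 * n)) & 0x3u) ? 1 : 0;
    bp.rw        = (dr7 >> (16 + 4 * n)) & 0x3u;
    bp.len_bytes = len_map[(dr7 >> (18 + 4 * n)) & 0x3u];
    return bp;
}

/* Number of armed hardware breakpoints in a DR7 value. */
int armed_count(uint32_t dr7)
{
    int count = 0;
    for (unsigned i = 0; i < 4; i++)
        count += decode_dr7_slot(dr7, i).enabled;
    return count;
}

int main(void)
{
    /* Dr0..Dr3 and Dr7 copied from the three dumps in the post. */
    static const struct { const char *name; uint32_t dr[4], dr7; } dumps[] = {
        { "OllyDbg 1.10",       {0x0012FF78, 0x00406AF4, 0x00400000, 0x00000000}, 0x0FFF0515 },
        { "Soft-Ice/w2k",       {0, 0, 0, 0},                                     0x00000000 },
        { "Soft-Ice/w2k/VMware",{0xBE85ADA8, 0xBE85AD94, 0x7FFD0010, 0x0012FC88}, 0x00000000 },
    };
    static const char *rw_name[4] = { "execute", "write", "I/O", "read/write" };

    for (unsigned d = 0; d < 3; d++) {
        printf("%s: %d armed\n", dumps[d].name, armed_count(dumps[d].dr7));
        for (unsigned i = 0; i < 4; i++) {
            struct hwbp bp = decode_dr7_slot(dumps[d].dr7, i);
            if (bp.enabled)
                printf("  Dr%u=%08Xh %s, %u bytes\n", i,
                       (unsigned)dumps[d].dr[i], rw_name[bp.rw], bp.len_bytes);
        }
    }
    return 0;
}
```

For the OllyDbg dump this reports Dr0 to Dr2 armed as 4-byte read/write breakpoints. In both Soft-Ice dumps Dr7 is zero, so no slot is armed whatever addresses Dr0 to Dr3 hold.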







