[GSnake]

I'm trying to reverse an application which debugs itself.
It put 0xcc bytes all over the place: I immediately thought it was a common anti-debug technique but this was not the case. As I continued reversing, I discovered the process had a fully working "custom debugger" which modified the EIP upon receiving a breakpoint interrupt in order to make static analysis more complex.

Now: with a common debugger it is not that simple modifying the EIP each time I encounter a 0xcc byte. What do you suggest to do to follow the code flow?

Thank you very much!

[billbudsocket]

Trace the process execution with Pin, Panda, Qira, etc.

[p1nk]

Any chance you can share an MD5 so we can check it out also to provide advice.

[GSnake]

Any chance you can share an MD5 so we can check it out also to provide advice.

It is a security challenge from a website. I don't know if I can post it here since it would spoil the fun for someone doing it.

Trace the process execution with Pin, Panda, Qira, etc.

A debugger is already attached to the process (which is the process itself), I think I won't be able to attach Pin / the other solutions.
Is it possible to set instructions to be executed when IDA catches a breakpoint interrupt? In this way I could emulate what the "embedded" debugger does.

Thank you!

[futex]

You can try with ollydgb 2, there is a debugging option "follow to child process"