- Extract OllyDbg (http://www.ollydbg.de/odbg110.zip)
- put StrongOD plugin in the ollydbg directory (https://tuts4you.com/download.php?view.2028)
- run OllyDbg (normal/admin, makes no difference) under Sandboxie
- "Click OK to Patch ClassName" > OK
- OllyDbg gets deleted.
Weirdly, Sandboxie was STILL used to start it up!?
3/ So I restarted my computer, and tried to re-run OllyDbg (now under C:\tmp). Sandboxie did not capture it anymore (as it is supposed to do).
And it did run normally, no deleting of OllyDbg.
==> I think it is because of this:
Inside StrongOD.dll there is this call:
I think it does not get the right process name (maybe Sandboxie one?), but definitely not OllyDbg.exe.