anti-debug, under w32? 

Does anyone know of any examples of anti-debugging for win32? I'm currently
working on a project that I do not want to be debugged easily... it is encrypted
as is. I especially seek information on fooling or crashing (doesn't matter to
me) softICE. Thanks!


Thu, 21 Feb 2002 03:00:00 GMT  

Quote:

> Does anyone know of any examples of anti-debugging for win32? I'm currently
> working on a project that I do not want to be debugged easily... it is encrypted
> as is. I especially seek information on fooling or crashing (doesn't matter to
> me) softICE. Thanks!

If you can be sure that it will run under Windows 9x, you might want to
try switching to ring 0 and playing around with the IDT, maybe INT3 or
INT1.

Dave

--
The DS-OS Operating System Programming page: http://dsos.cjb.net
Here you'll also find the source to a PS/2 mouse driver.



Thu, 21 Feb 2002 03:00:00 GMT  

Quote:
> Does anyone know of any examples of anti-debugging for win32? I'm currently
> working on a project that I do not want to be debugged easily... it is encrypted
> as is. I especially seek information on fooling or crashing (doesn't matter to
> me) softICE. Thanks!

   Windows 95/98 have a security hole that allows an app to easily get
to CPL 0. See http://www.*-*-*.com/ ~bphantom/Win32_CPL0.html for
details. You may do critical stuff on CPL 0 and then gracefully return
to CPL 3. Critical stuff may utilize INT 1 and INT 3 for its own
purposes, which won't allow a debugger to operate at the same time.

   Soft-ICE has a backdoor API on INT 3 with SI=4647h, DI=4A4Dh. Even if
you call an invalid function of the API, Soft-ICE won't redirect INT 3 to
the normal path. This can be used to detect the presence of Soft-ICE.

-- The world is full of kings and queens
That blind your eyes and steal your dreams --
[Black Sabbath]




Fri, 22 Feb 2002 03:00:00 GMT  


Quote:
>Does anyone know of any examples of anti-debugging for win32? I'm currently
>working on a project that I do not want to be debugged easily... it is encrypted
>as is. I especially seek information on fooling or crashing (doesn't matter to
>me) softICE. Thanks!

will I be seeing this little creation on tinet by any chance??? TP
--
david cawshaw


Sat, 23 Feb 2002 03:00:00 GMT  
On Tue, 7 Sep 1999 14:44:15 +0100, david cawshaw

Quote:



>>Does anyone know of any examples of anti-debugging for win32? I'm currently
>>working on a project that I do not want to be debugged easily... it is encrypted

<SNIP>

"anti-debugging"? That sounds like the opposite of debugging - which
means you want to put bugs in your code?  Simple enough to do, just
randomly sprinkle NOP instructions through it. Or any other opcode,
for that matter.

Ironically yours,
Anthony J. Albert



Sun, 24 Feb 2002 03:00:00 GMT  

Quote:
>will I be seeing this little creation on tinet by any chance??? TP
>--
>david cawshaw

no, I doubt it... it's a personal project of mine (yes, believe it or not, I
code legit sometimes <G>)

heh... c'ya

Regards,
 Techno Phunk / Ti
------------------------------
http://tinet.cjb.net
remove obvious for e-mail



Sun, 24 Feb 2002 03:00:00 GMT  
 