Exetools  

  #1  
08-30-2003, 09:16
volodya
What is "anti-dump"?

Many new idiotic and non-idiotic protectors are announcing themselves as "anti-dumping" ones. It may include:
1) Detecting a given process dumper (e.g. ProcDump) in memory and deleting it, using, e.g. TerminateProcess
2) Possible hiding from process dumper by hooking several API functions (for example, the ones that belong to PSAPI or even native ones like NtQuery*)
3) Simple erasing or filling with garbage the PE Header in memory (not always possible, but...) - teLock does this, increasing NumberOfSections to 2xx, which causes the dumped process to fail during the next launch.
4) ???

Who can continue and make this list wider... I would highly appreciate any examples with assembly code. Maybe anyone knows anything about VirtualProtect or sth like this...
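Added example, not part of volodya's post: an analyst-side check for the header tampering described in item 3, comparing the NumberOfSections field of a dumped image with the entries its section table can really hold. The function names, the constructed 1 KiB sample header and the value 200 (standing in for the post's "2xx") are assumptions made for illustration.

```python
import struct

SECTION_HDR = 40  # sizeof(IMAGE_SECTION_HEADER)

def check_section_count(image: bytes) -> dict:
    """Compare NumberOfSections with what the section table really holds."""
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[:2] != b"MZ" or image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    (claimed,) = struct.unpack_from("<H", image, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", image, e_lfanew + 20)
    opt = e_lfanew + 24                       # start of optional header
    size_of_image, size_of_headers = struct.unpack_from("<II", image, opt + 56)
    table = opt + opt_size                    # first IMAGE_SECTION_HEADER
    limit = min(size_of_headers, len(image))
    plausible = 0
    for i in range(claimed):
        off = table + i * SECTION_HDR
        if off + SECTION_HDR > limit:
            break                             # entry would lie outside the headers
        vsize, vaddr = struct.unpack_from("<II", image, off + 8)
        if vaddr < size_of_headers or vaddr + vsize > size_of_image:
            break                             # zeroed or garbage entry
        plausible += 1
    fits = table + claimed * SECTION_HDR <= limit
    return {"claimed": claimed, "plausible": plausible,
            "table_fits": fits, "consistent": fits and plausible == claimed}

def build_sample(claimed: int) -> bytes:
    """Constructed 1 KiB PE32 header page with two real section entries."""
    img = bytearray(0x400)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)               # e_lfanew
    img[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<HH", img, 0x84, 0x14C, claimed)    # Machine, NumberOfSections
    struct.pack_into("<H", img, 0x94, 0xE0)               # SizeOfOptionalHeader
    struct.pack_into("<H", img, 0x98, 0x10B)              # PE32 magic
    struct.pack_into("<II", img, 0x98 + 56, 0x3000, 0x400)  # SizeOfImage, SizeOfHeaders
    for i, name in enumerate((b".text", b".data")):
        off = 0x98 + 0xE0 + i * SECTION_HDR
        img[off:off + len(name)] = name
        struct.pack_into("<II", img, off + 8, 0x1000, 0x1000 * (i + 1))
    return bytes(img)

if __name__ == "__main__":
    print(check_section_count(build_sample(2)))     # untouched header
    print(check_section_count(build_sample(200)))   # count inflated in memory
```

When the check reports an inconsistent header, the `plausible` value is the candidate count to verify by hand before repairing the dump.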
All times are GMT +8. The time now is 04:15.