Exetools  

Go Back   Exetools > General > General Discussion
Reload this Page Themida Attack
Register Forum Rules FAQ Calendar

Notices

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #16  
Old 01-17-2005, 22:50
jemos
 
Posts: n/a
Thumbs up
Quote:
Originally Posted by doug
It uses it to do synchronization (ex: wait until some dword in driver = 1) - probably due to the multi-threaded nature of the protection.
I'm not sure if this is still done, but the xprot driver used to give read/write access on the IDT as well; so the user-mode application was able to dynamically change the int1/int3 descriptors.
This new "version" might use a less primitive method, an Event created
by the client, named "XprotEvent".

About the access on the IDT, well it already has read write flags (the
page, at least on my puter) so it just (at least until what I've traced)
changes the super-visor flag to user-mode flag to the reasons we already know.

I havent much time to continue the study... maybe soon
Reply With Quote
 

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Turbo Attack UnknwnGaming Source Code 2 11-20-2022 01:18
known-plaintext attack eychei General Discussion 6 04-08-2018 06:03
RC4 Attack DARKER General Discussion 1 02-27-2015 02:44
Zip Plaintext Attack Query Numega Softice General Discussion 1 03-26-2004 01:30


All times are GMT +8. The time now is 00:10.

Aaron's homepage - Top

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( Since 1998 )