Dynamic code for anti-debugger.

Thread in section "WASM.ENGLISH", created by dcskm4200, 1 May 2006.

  1. dcskm4200

    dcskm4200 New Member

    Publications:
    0
    Joined:
    12 Oct 2004
    Messages:
    173
    Location:
    China
    Hello, all



    if the CPU has the trap flag set

    modify itself dynamically

    else

    work normally

    endif

    How does it work?
     
  2. NullSessi0n

    NullSessi0n New Member

    Publications:
    0
    Joined:
    20 Jan 2006
    Messages:
    322
    dcskm4200

    Your English is bad. Did you mean this:

    ----------------------

    If the trap flag is set in the CPU then

    modify itself dynamically

    else

    do normal work

    endif

    How does it work?

    ----------------------

    It is not possible to determine whether there is a trap flag on your thread. You can do it only from another thread.
     
  3. dcskm4200

    dcskm4200 New Member

    Hey, NullSessi0n

    Thank you.

    Much clearer.
     
  4. SolidCode

    SolidCode New Member

    Publications:
    0
    Joined:
    2 Dec 2002
    Messages:
    162
    Location:
    Kazakhstan
    NullSessi0n

    Your English is not perfect either. In case you wondered.
     
  5. dcskm4200

    dcskm4200 New Member

    Code (Text):
    OPVERBEGIN MACRO
        local opcodeStart, opcodeEnd

        DD (offset opcodeEnd - offset opcodeStart)  ; block size

        opcodeStart LABEL BYTE
    ;-----------------------------------
        ;; nested definition: OPVEREND is redefined, bound to a new
        ;; unique opcodeEnd, on every expansion of OPVERBEGIN
        OPVEREND MACRO
            opcodeEnd LABEL BYTE
        ENDM
    ;-----------------------------------
    ENDM
    ;-----------------------------------
    R MACRO opcode:req
        OPVERBEGIN
        opcode
        OPVEREND
    ENDM

    CoolFunctionThatRunsBackwards proc

        ;; mark the beginning
        OPVERBEGIN

        ;; the size of every opcode here should have attached
        R < ror eax, 10 >
        R < mov eax, "what" >
        R < xor edx, ecx >
        R < add eax, "s up" >
        R < nop >

        ;; mark the end
        OPVEREND

        ret
    CoolFunctionThatRunsBackwards endp




    Macro error:

    " Assembling: test.asm

    test.asm(44) : error A2006: undefined symbol : ??001A

    OPVERBEGIN(3): Macro Called From

    test.asm(44): Main Line Code "



    Where does the error occur?





    regards
     
  6. dcskm4200

    dcskm4200 New Member

    Code (Text):
    ;----------------------------------------
    SEH_NODE struct
        _preHandler        dword ?      ; pointer to the previous SEH_NODE
        _exceptionHandler  dword ?      ; handler address
    SEH_NODE ends
    ;----------------------------------------
    ;; SEH macros
    PUSH_SEH MACRO sehHandler:req
        ASSUME FS:NOTHING
        mov eax,fs:[0]                  ; current head of the SEH chain
        push sehHandler                 ; new node: _exceptionHandler
        push eax                        ; new node: _preHandler = previous node
        mov fs:[0],esp                  ; install the new node
    ENDM
    ;-----------------------------------
    POP_SEH MACRO
        pop fs:[0]                      ; restore the previous node
        add esp,4                       ; drop the handler address
    ENDM
    ;====================================
    ;; exception handler
    expHandler proc c expRecord:dword,expFrame:dword,contextPtr:dword,dispContext:dword
        pusha
        mov ebx,contextPtr
        ASSUME ebx:ptr CONTEXT

        ;; clear trap flag (EFLAGS bit 8) so tracing stops after this step
        and [ebx].regFlag,0FFFFFEFFh

        ;; change the opcode at the trapped EIP to NOP;
        ;; jmp $ assembles to two bytes (EB FE), so both are overwritten
        mov ebx,[ebx].regEip
        mov word ptr [ebx],09090h

        ASSUME ebx:nothing
        popa
        mov eax,ExceptionContinueExecution
        ret
    expHandler endp
    ;-------------------------------------------
    ;; Self tracing function
    SelfTracingCode proc

        ;; set up the handler
        PUSH_SEH offset expHandler

        ;; set the trap flag (bit 8 of EFLAGS)
        pushf
        or byte ptr [esp+1],1
        popf

        ;; this will not be traced: the single-step trap is raised
        ;; after the instruction following popf has executed
        xor eax,eax

        ;; endless loop - this code will change at run-time
        jmp $

        ;; remove the handler
        POP_SEH

        ret
    SelfTracingCode endp
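
A defender-side complement to the self-tracing listing above, added here as an example that is not part of the thread: a small Python scanner that looks for the byte sequence SelfTracingCode uses to set TF (pushf / or byte ptr [esp+1],1 / popf) and for the `jmp $` self-loop that its handler later patches. The sample bytes are hand-assembled from the posted listing (constructed, not taken from a binary), and the `or dword ptr [esp],100h` signature is an equivalent encoding the thread does not use, included to show the general pattern.

```python
"""Signature scan for the trap-flag self-tracing idiom in the listing above.

Added example, not code from the thread. Scans raw x86-32 code bytes for the
sequence SelfTracingCode uses to set EFLAGS.TF and for the 'jmp $' self-loop
(EB FE) that the posted exception handler later overwrites with NOPs.
"""
from typing import Dict, List, Tuple

# Constructed sample: hand-assembled bytes of the posted SelfTracingCode body.
SAMPLE_CODE = bytes.fromhex(
    "9C"          # pushf
    "804C240101"  # or byte ptr [esp+1], 1   -> sets EFLAGS bit 8 (TF)
    "9D"          # popf
    "33C0"        # xor eax, eax             -> runs before the trap fires
    "EBFE"        # jmp $                    -> patched to NOP NOP by expHandler
)

# Byte signatures. 'tf_set_dword' (or dword ptr [esp],100h) is an equivalent
# encoding the thread does not use; it is included for detection coverage.
SIGNATURES: Dict[str, bytes] = {
    "tf_set_byte":  bytes.fromhex("9C804C2401019D"),
    "tf_set_dword": bytes.fromhex("9C810C24000100009D"),
    "self_loop":    bytes.fromhex("EBFE"),
}

def scan(code: bytes) -> List[Tuple[int, str]]:
    """Return (offset, signature name) for every match, sorted by offset."""
    hits: List[Tuple[int, str]] = []
    for name, sig in SIGNATURES.items():
        pos = code.find(sig)
        while pos != -1:
            hits.append((pos, name))
            pos = code.find(sig, pos + 1)
    return sorted(hits)

def looks_like_self_tracing(code: bytes, window: int = 16) -> bool:
    """True when a TF-set sequence is followed within `window` bytes by a
    self-loop, the pairing the posted SelfTracingCode relies on."""
    hits = scan(code)
    tf_offsets = [off for off, name in hits if name.startswith("tf_set")]
    loop_offsets = [off for off, name in hits if name == "self_loop"]
    return any(0 < lo - tf <= window for tf in tf_offsets for lo in loop_offsets)

if __name__ == "__main__":
    for off, name in scan(SAMPLE_CODE):
        print(f"+0x{off:02X}: {name}")
    print("self-tracing idiom present:", looks_like_self_tracing(SAMPLE_CODE))
```

On the constructed sample the scan reports the TF-set sequence at offset 0 and the self-loop at offset 9, which is the pairing the posted code depends on.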