»» WELCOME to DOFOLLOW BLOGs "17 January 2012"««
»» Computer & Software Technology Sharing Information««
    Anti-debugging
    I thought this would be good for myself and maybe others who may find this stuff always difficult to remember. Here are some notable ones:


    PEB access check for the BeingDebugged flag

    mov eax, dword [fs:30h]  ; location of PEB (32-bit process)
    movzx eax, byte [eax+2]  ; PEB + 2 = BeingDebugged, a single byte
    cmp eax, 1               ; 1 = a debugger is attached

    NtGlobalFlag

    mov eax, dword [fs:30h]  ; location of PEB (32-bit process)
    mov eax, [eax+68h]       ; PEB + 68h = NtGlobalFlag
    and eax, 70h             ; keep only the three heap-debugging flags
    cmp eax, 70h             ; 70h is being debugged
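
When triaging a sample, both checks above show up as a load of `fs:[30h]` followed closely by an access to offset 2 or 68h. The scanner below is an added example, not code from the original post: a heuristic for 32-bit x86 bytes in which the function names, the 16-byte window and the sample bytes are assumptions constructed for illustration.

```python
# Added triage heuristic, not code from the original post. 32-bit x86 only.
FIELDS = {0x02: "BeingDebugged", 0x68: "NtGlobalFlag"}   # PEB offsets from the post
# Opcodes followed by a ModRM byte: mov r8/r32, cmp/test imm8, movzx (0F B6)
MEM_OPCODES = {0x8A, 0x8B, 0x80, 0x83, 0xB6, 0xF6}
WINDOW = 16  # assumption: the field access follows the PEB load closely


def peb_loads(code):
    """Yield (start, end) offsets of each 'mov reg, fs:[30h]' encoding."""
    for i in range(len(code) - 5):
        if code[i] != 0x64:                       # FS segment-override prefix
            continue
        if code[i + 1:i + 6] == b"\xa1\x30\x00\x00\x00":
            yield i, i + 6                        # mov eax, fs:[30h]
        elif (code[i + 1] == 0x8B and code[i + 2] & 0xC7 == 0x05
              and code[i + 3:i + 7] == b"\x30\x00\x00\x00"):
            yield i, i + 7                        # mov r32, fs:[30h]


def field_access(code, start):
    """Return the PEB field touched within WINDOW bytes of start, or None."""
    end = min(len(code), start + WINDOW)
    for j in range(start, end - 2):
        op, modrm, disp = code[j], code[j + 1], code[j + 2]
        if disp not in FIELDS:
            continue
        if op == 0x83 and modrm & 0xF8 == 0xC0:   # add reg, imm8 (post's style)
            return FIELDS[disp]
        # [reg + disp8] operand: ModRM mod=01, r/m != 100 (no SIB byte)
        if op in MEM_OPCODES and modrm >> 6 == 1 and modrm & 7 != 4:
            return FIELDS[disp]
    return None


def scan(code):
    """Return [(offset_of_peb_load, field_name)] for each suspected check."""
    hits = []
    for start, end in peb_loads(code):
        field = field_access(code, end)
        if field:
            hits.append((start, field))
    return hits


# Constructed sample: a prologue, then both checks assembled by hand.
SAMPLE = (b"\x55\x8b\xec"                              # push ebp; mov ebp, esp
          b"\x64\xa1\x30\x00\x00\x00\x0f\xb6\x40\x02"  # mov eax, fs:[30h]; movzx eax, byte [eax+2]
          b"\x83\xf8\x01\x90"                          # cmp eax, 1; nop
          b"\x64\x8b\x0d\x30\x00\x00\x00\x8b\x49\x68"  # mov ecx, fs:[30h]; mov ecx, [ecx+68h]
          b"\x83\xe1\x70")                             # and ecx, 70h
print(scan(SAMPLE))
```

A hit is only a lead for manual review: the scanner matches raw bytes without disassembling, so data that happens to contain these sequences will also match, and a load of `fs:[30h]` used for other PEB fields is ignored.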


    Some commonly used offsets (absolute addresses, valid only for the Windows build and DLL versions they were taken from) include:

    CreateFileA 0x7c801a24
    WriteFileA 0x7c810d87
    StartServiceA 0x77df3238
    WinExec 0x7c86136d
    CreateServiceA 0x77e37071
    CreateThread 0x7c810637
    CreateProcessA 0x7c802367
    CreateMutexA 0x7c80e93f
    ShellExecuteA 0x7ca40ec0
