BiW Reversing: The challenge is yours
Unpacking NTKrnl Protect 0.1
Authored by: haggar on Friday, January 26 2007 @ 08:29 PM CET
Yes, you're right. The CPUID-RDTSC trick is "stolen", I don't know about the other tricks. But if it is just that trick taken from his challenge, I doubt that he has a reason for complaining. Every protector has RDTSC checks.

Btw, bpx, could you please explain the RET-INT3 hack?
I unpacked this protector before, but I don't know why you replaced RET with INT3. I saw that the protector protects memory. If we step in (F7-F8) the block and execute the return, we will end up in

RDTSC
PUSH EAX
RET

which crashes the application, obviously. So the first trick is that the protector's handler needs to handle the exception.

But if it handles RETN (memory is protected), it crashes later (which I found a way to fix, btw), but why doesn't it crash on INT3?