Interlocked protection
I am currently working with friends on new Tpkd.sys anti-debugging techniques.
The work is still in progress. I have a question about in-out vagaries. What does this code do, repeated four times in the sys and used in decrypting the int1 and int3 custom handlers:

    out dx, al      with al=80h and dx=70h
    jump $+2
    jump $+2
    in al, dx       with al=80h and dx=71h
    jump $+2
    jump $+2
    out dx, al      with al=00h and dx=70h
    mov byte ptr [ebp-8], al

Is it the RTC clock without NMI?

    jump $+2
    jump $+2
    in al, dx       with al=18h and dx=21h

Is it PIC reading? How can repeating such code detect a debugger?

Thanks
%OuRs%