Execution Code by using real CPU! no Emulation!!

Quote:

Originally Posted by bilbo

Yes, it's true.
Try playing with VirtualProtectEx() using PAGE_GUARD as new access protection.
Any following attempt to read from or write to a guarded page causes the system to raise a STATUS_GUARD_PAGE exception.

Thank you but do you think VMware work on this method?

Quote:

Originally Posted by bilbo

Anyway, I don't think that if you raise an exception at every memory access you will be faster than emulating the CPU or single stepping through your code...

I think at least running all code except Memory access will be fast. What about privilege instruction how I can detect them? with which exception?

[bilbo]

I would love to know how VMWare works, but I don't know...
By the way, I have never tried to reverse it, because it refuses to run on an old AMD K6 I have, and I don't like this...

Quote:

What about privilege instruction how I can detect them? with which exception?

That's another issue. They generate GP (General Protection - handled by interrupt slot 13).

Regards, bilbo

VMWare use ring-0. Do you know how we can make an exception handling process by using a sys file. Is there any sample in DDK? How it detect memory access and privilged commend? VMWARE and VPC2004 both only work on 2000 and XP. they do not work on Win2003 and Win98.!?
It seem they dont use exception handling in ring-3...