From Collaborative RCE Tool Library

Anti Anti-BPM FrameWork

Tool name: Anti Anti-BPM FrameWork
Rating: 0.0 (0 votes)
Author: Robert Yates
Website: http://www.reverse-engineering.info
Current version:
Last updated: September 19, 2003
Direct D/L link: http://www.reverse-engineering.info/SystemCoding/gd_drx.rar
License type: GNU
Description: This is a fully working example of using Intel's GD (General Detection) bit
to invoke debug exceptions upon any access to a debug register.

Currently, the provided source will lock down any drx access to only
NTICE. A hardcoded base for my NTICE is in the src; you may need to
modify this for your own. Search the source for the keyword ACCESS_RIGHTS.

Any attempt of a MOV REG, DRX will be 'faked' by placing a default value
into the reg to fool the calling app into thinking no BPMs are set.
Any attempt of a MOV DRX, REG will be totally ignored, or emulated if
NTICE is the caller.

All output is given via debug msgs which have been formatted to be read
by Sysinternals DebugView (included) with force linefeed on.
Related URLs: No related URLs have been submitted for this tool yet

