From Collaborative RCE Tool Library

Jump to: navigation, search

Antisptd

Tool name: Antisptd
Rating: 0.0 (0 votes)
Author: smoke                        
Website: http://www.woodmann.com/forum/showthread.php?t=11870
Current version:
Last updated: July 1, 2008
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: Antisptd is a driver that makes it possible for SoftICE to load when sptd.sys is present. It uses the method described by Kayaker (see related URLs below) and that is, by removing the notifyroutine sptd sets to prevent ntice.sys to load. After ntice.sys gets loaded, it restores the notifyroutine and the keyboard hooks in i8042prt.sys that have been screwed by the sptd.sys


How to use it:

Just put the startsi.exe in a directory with antisptd.sys and execute startsi.exe.


Compatibility issues

The driver should work on XP SP2/SP3 with the latest SoftICE installed. I have no idea if it'll work on XP SP1 (cause I have used hard-coded values to locate the patches). If it doesn't work, feel free to modify the sources and recompile the driver yourself. ;)
Related URLs:
Forum thread discussing anti-debug features of sptd / Daemon Tools:
http://www.woodmann.com/forum/showthread.php?t=9201
Another forum thread with some (possibly) additional information:
http://www.woodmann.com/forum/showthread.php?p=64335


RSS feed Feed containing all updates for this tool.

You are welcome to add your own useful notes about this tool, for others to see!

Retrieved from "http://www.woodmann.com/collaborative/tools/index.php/Antisptd"


If you find that any information for the tool above is missing, outdated or incorrect, please edit it!
(please also edit it if you think it fits well in some additional category, since this can also be controlled)

Views
Category Navigation Tree
RCE Tools
   Categorized by Target Type  (176)
   Categorized by Tool Type  (983)
   Anti Anti Test Tools  (15)
   Assemblers  (15)
   Code Coverage Tools  (12)
   Code Injection Tools  (32)
   Code Ripping Tools  (2)
   Crypto Tools  (5)
   Data Extraction Tools  (19)
   Debuggers  (42)
   Decompilers  (20)
   Deobfuscation Tools  (12)
   Dependency Analyzer Tools  (5)
   Diff Tools  (29)
   Disassemblers  (45)
   Dongle Analysis Tools  (24)
   Exe Analyzers  (31)
   Firefox Extensions  (1)
   GUI Manipulation Tools  (16)
   Hardware Reversing Tools  (24)
   Hex Editors  (12)
   IDA Signature Creation Tools  (5)
   Kernel Tools  (13)
   Memory Data Tracing Tools  (6)
   Memory Patchers  (3)
   Memory Search Tools  (7)
   Monitoring Tools  (110)
   Network Tools  (15)
   PE Executable Editors  (79)
   Packers  (16)
   Patch Packaging Tools  (7)
   Profiler Tools  (10)
   Programming Libraries  (32)
   Regular Expression Tools  (3)
   Resource Editors  (12)
   Reverse Engineering Frameworks  (7)
   Source Code Tools  (11)
   String Finders  (5)
   Symbol Tools  (11)
   System Information Extraction Tools  (7)
   Technical PoC Tools  (7)
   Test and Sandbox Environments  (16)
   Tool Extensions  (137)
   CFF Explorer Extensions  (5)
   Filemon Extensions  (1)
   Firefox Extensions  (1)
   Hexer Extensions  (1)
   IDA Extensions  (39)
   ImpREC Extensions  (2)
   Obsidian Extensions  (1)
   OllyDbg Custom Versions  (3)
   OllyDbg Extensions  (71)
   Regmon Extensions  (1)
   SoftICE Extensions  (6)
   WinDbg Extensions  (6)
   Tool Hiding Tools  (5)
   Tool Signatures  (22)
   Tracers  (17)
   Unpacking Tools  (59)
   Needs New Category  (2)