Need some help for revirgin 1.2 feature


tsehp
November 5th, 2001, 05:14
Because I'm lacking some time, I need some help from a C++ programmer.

First possible task:

In rv since 1.2, you've got a fetch IAT feature; this feature is simply a recursive C++ function that searches for calls and then tests if they lead to an IAT entry. It starts from the OEP and follows all calls until such an entry is found, then another small routine tries to locate the IAT start RVA + length.

Actually the function is pretty simple and needs to be improved/debugged; sometimes it goes into endless loops, especially with apps with self-modifying code...

Second possible task:

I'm also planning in the future to integrate into rv some countermeasures against anti-SoftICE tricks. The purpose is not to reinvent the wheel, as icedump/frogsice fully cover the problem. But those features are not very well covered on Win NT at this time; to my knowledge only ntall from pulsar is available, but it was made in 2000 and has not been updated.
Revirgin already uses a small device driver called rvtracer.sys, so if someone wants to improve it to cover such topics, please contact me.

If someone wants to help, I'll send this person the necessary sources to test this feature; rv is mainly coded with C++ Builder 5.



I'm closing this thread; please mail me directly:
tsehp@yahoo.com

regards.
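
A call-following IAT search of the kind described in the post, written here as an added example (not ReVirgin's code): it swaps the recursion for a worklist plus a set of already-scanned entry points, so routines that call each other cannot loop forever. Assumptions: a flat image where file offset equals RVA and the image base is 0, a byte-pattern scan in place of a real disassembler, and a simple lowest-to-highest slot span standing in for the "IAT start RVA + length" routine; `fetch_iat`, `IatRange` and `sample_image` are hypothetical names.

```cpp
#include <algorithm>
#include <cstdint>
#include <cstdio>
#include <set>
#include <vector>

struct IatRange { uint32_t start_rva, length; size_t routines; };
static uint32_t rd32(const std::vector<uint8_t>& m, uint32_t o) {  // little-endian read
    return m[o] | m[o + 1] << 8 | m[o + 2] << 16 | uint32_t(m[o + 3]) << 24;
}
// Assumptions: flat image (offset == RVA, image base 0); opcodes are matched
// by byte pattern, which is a heuristic and not a real disassembler.
IatRange fetch_iat(const std::vector<uint8_t>& img, uint32_t oep, uint32_t max_len = 64) {
    std::set<uint32_t> seen, slots;    // scanned entry points, candidate IAT slots
    std::vector<uint32_t> work{oep};   // explicit worklist replaces recursion
    while (!work.empty()) {
        uint32_t fn = work.back(); work.pop_back();
        // Out-of-image or already-scanned target: skip (breaks A->B->A cycles).
        if (fn >= img.size() || !seen.insert(fn).second) continue;
        for (uint32_t p = fn; p - fn < max_len && p + 6 <= img.size(); ++p) {
            if (img[p] == 0xC3) break;                     // ret: end of routine
            if (img[p] == 0xE8) {                          // call rel32
                work.push_back(p + 5 + rd32(img, p + 1));  // wraps for backward calls
                p += 4;
            } else if (img[p] == 0xFF && (img[p + 1] == 0x15 || img[p + 1] == 0x25)) {
                slots.insert(rd32(img, p + 2));            // call/jmp dword ptr [slot]
                p += 5;
            }
        }
    }
    if (slots.empty()) return {0, 0, seen.size()};
    uint32_t lo = *slots.begin(), hi = *slots.rbegin();
    return {lo, hi + 4 - lo, seen.size()};                 // span covering every slot
}

// Constructed sample: two routines that call each other, one slot reference each.
std::vector<uint8_t> sample_image() {
    std::vector<uint8_t> img(0x100, 0x90);                 // nop padding
    const uint8_t a[] = {0xE8,0x1B,0,0,0, 0xFF,0x15,0x80,0,0,0, 0xC3};          // 0x10: call 0x30
    const uint8_t b[] = {0xE8,0xDB,0xFF,0xFF,0xFF, 0xFF,0x25,0x88,0,0,0, 0xC3}; // 0x30: call 0x10
    std::copy(a, a + sizeof a, img.begin() + 0x10);
    std::copy(b, b + sizeof b, img.begin() + 0x30);
    return img;
}

int main() {
    IatRange r = fetch_iat(sample_image(), 0x10);
    std::printf("IAT rva=0x%X len=0x%X routines=%zu\n", r.start_rva, r.length, r.routines);
}
```

The visited set only bounds the walk over code as it exists at scan time; it does not by itself handle code that rewrites itself between scans.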