Thread: PoC: Hiding the caller.

  1. #1

    PoC: Hiding the caller.

    o The detector cannot detect the caller through an analysis of the stack.
    o Processing of SEH outside of modules (also hidden).

    Stpt.zip

  2. #2
    BanMe (|< x != '+')
    Join Date: Oct 2008 | Location: Farmington NH | Posts: 510 | Blog Entries: 4

    lol stump o0

    Works of 'black' art are still art, http://www.darkscenario.com/darkgallery/index-1.html. (a far reference to evaluator's reply?)

    Nice work Indy.
    No hate for the lost children;
    more love for the paths we walk,
    'words' shatter the truth we seek.
    from the heart and mind of Me
    me, to you.. down and across

    No more words from me, to you...
    Hate and love shatter the heart and Mind of Me.
    For the Lost Children;For the paths we walk; the real truth we seek!

  3. #3
    A segment of code calling the API will be detected by a rootkit detector that takes the return address from the stack. With such a call model, this detection is not possible. In a complex environment, procedural branching in the module is not acceptable. This is the standard call model the AV expects from us.
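
The call model described in this post, as an added example that is not part of the thread or of the Stpt.zip PoC: a detector resolves the return address it finds on the stack to the module that owns it, and a call routed through a gateway in another module leaves a return address that resolves to that module instead of ours. The example assumes Linux (the lookup reads /proc/self/maps) with a dynamically linked libc, and it uses libc's qsort() as the gateway in place of the PoC's hard-coded gateway address; all function names are this example's own.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Detector side: map an address to the module that owns it by reading
 * /proc/self/maps (assumed Linux). Returns 1 if the address lies inside this
 * executable, 0 if it lies in another file-backed mapping (a shared library
 * such as libc), and -1 if no module owns it at all: anonymous memory, the
 * heap, [stack], [vdso] or unmapped. */
int module_of_address(const void *addr)
{
    char exe[4096] = {0};
    ssize_t n = readlink("/proc/self/exe", exe, sizeof exe - 1);
    if (n < 0) return -1;
    exe[n] = '\0';

    FILE *maps = fopen("/proc/self/maps", "r");
    if (!maps) return -1;

    int verdict = -1;
    uintptr_t target = (uintptr_t)addr;
    char line[4096 + 128];
    while (fgets(line, sizeof line, maps)) {
        unsigned long lo, hi;
        char path[4096] = {0};
        /* line format: "lo-hi perms offset dev inode [pathname]" */
        int fields = sscanf(line, "%lx-%lx %*s %*s %*s %*s %4095s", &lo, &hi, path);
        if (fields < 2 || target < lo || target >= hi) continue;
        if (fields == 3 && path[0] == '/')
            verdict = (strcmp(path, exe) == 0) ? 1 : 0;
        break;
    }
    fclose(maps);
    return verdict;
}

/* Verdict recorded by the monitored routine on its last invocation. */
static int last_caller_verdict = -2;

/* Stand-in for a hooked API: the hook takes the return address off the stack
 * and maps it to a module. qsort-compatible signature so the same routine can
 * be reached directly or through the libc gateway below. */
__attribute__((noinline))
int monitored_api(const void *a, const void *b)
{
    last_caller_verdict = module_of_address(__builtin_return_address(0));
    int x = *(const int *)a, y = *(const int *)b;
    return (x > y) - (x < y);
}

/* Standard call model (what the AV expects): the return address points into
 * our module, so the check answers 1. */
__attribute__((noinline))
int call_direct(void)
{
    int x = 1, y = 2;
    last_caller_verdict = -2;
    monitored_api(&x, &y);
    return last_caller_verdict;
}

/* Gateway call model: qsort() inside libc performs the call, so the return
 * address the hook sees belongs to libc and the check answers 0. The PoC uses
 * a hard-coded gateway address; qsort is this example's portable stand-in. */
__attribute__((noinline))
int call_via_gateway(void)
{
    int v[3] = { 3, 1, 2 };
    last_caller_verdict = -2;
    qsort(v, 3, sizeof v[0], monitored_api);
    return last_caller_verdict;
}

/* Memory that belongs to no module (where the PoC keeps its SEH handling):
 * the same check answers -1. */
int heap_buffer_verdict(void)
{
    void *p = malloc(64);
    int verdict = module_of_address(p);
    free(p);
    return verdict;
}

int main(void)
{
    printf("direct call  : verdict %d\n", call_direct());
    printf("gateway call : verdict %d\n", call_via_gateway());
    printf("heap buffer  : verdict %d\n", heap_buffer_verdict());
    return 0;
}
```

Build with gcc or clang and run: the direct call reports 1, the gateway call 0, the heap buffer -1. The example only defeats a check of the immediate return address; a detector that walks further up the stack still reaches our module, and a return address that resolves to no module at all (the -1 case) is itself something a detector can flag.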

  4. #4
    evaluator (Musician member)
    Join Date: Sep 2001 | Posts: 1,524 | Blog Entries: 1
    1. I did not understand the description.
    2. This program crashes at
    0040132B: mov [7C97C9DC], eax

    what now?

  5. #5
    evaluator
    A description is not required, since this is the code. It is very simple.
    It should crash, as this is a PoC. Two addresses are given as constants (the gateway as well); on your system these values are different. The code is for study, not for running.

    Here is a working example: Stpt.zip

  6. #6
    evaluator (Musician member)
    Join Date: Sep 2001 | Posts: 1,524 | Blog Entries: 1
    OK, that works.
    OK, I see nothing there to comment on.
