Results 1 to 11 of 11

Thread: Real LDE.

Hybrid View

  1. #1

    Real LDE.

    (Length Disassembler Engine).

    Determining the length of instructions the processor means. For example the opcode 0xFF0F(0F FF) - has ModR/M byte:
    0F FF 05 DISP32 - 7 byte's.

    LDE.zip

    http://indy-vx.narod.ru/Bin/LDE.zip
    http://rootkits.su/index.php/topic,60.15.html

  2. #2
    Whats the "real" part in the name for?
    I saw some years ago, z0mbies in particular..i think theres a decent one with beaengine too. also for x64... they are quite useful things, wrote my own years ago and discovered how crazy intels encoding is, with exceptions to the 'rules' etc... Fun times

  3. #3
    Quote Originally Posted by evlncrn8 View Post
    Fun times
    Pros start having fun when normal people start getting pissed off. It's the attitude that makes a great reverser.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  4. #4
    It determines the actual length, even for non-existent instructions. No tables, run the instruction on a page boundary. Even the privileged.

    Other engines use a opcode tables. This makes it impossible to determine the lengths of instructions that are in the tables are not described. For the kernel this engine is unnecessary, there should just handle faults, without adjustment Ss/Esp

    To write to a different platform(eg. x64), no need composes new tables.

    As example, determine(bea, z0mbie etc) the size 0F FF 05 =)
    Last edited by Indy; October 16th, 2011 at 00:31.

  5. #5
    Hmm interesting, will have to check it out when i have a bit of time (probably monday).. totally agree about the tables etc... Damn wish i had time now, your post really got me curious now indy :-)

  6. #6
    epic fail не ?

Similar Threads

  1. Real Time Tracing
    By OpenRCE_Sirmabus in forum Blogs Forum
    Replies: 0
    Last Post: November 24th, 2007, 18:50
  2. Real-time Steganography with RTP
    By Uninformed Journal in forum Blogs Forum
    Replies: 0
    Last Post: October 22nd, 2007, 12:22
  3. Real Player and recording?
    By Hugo in forum Malware Analysis and Unpacking Forum
    Replies: 8
    Last Post: August 17th, 2001, 04:30

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •