Results 1 to 13 of 13

Thread: Defeating Memory Breakpoints

Hybrid View

  1. #1

    Defeating Memory Breakpoints

    My latest blog post where i explain two anti-Memory-Breakpoints tricks.

    http://waleedassar.blogspot.com/2012/11/defeating-memory-breakpoints.html

    Any comments or ideas are very welcome

  2. #2
    Map not file section(R/E). Next you can not change the attributes.

    Pt.zip
    Last edited by Indy; November 12th, 2012 at 22:26.

  3. #3
    Indy, instead of iterating though all kernel32.dll page to determine the SizeOfImage value, you can just call the "ZwQueryVirtualMemory" function with "VirtualMemoryInformationClass" set to MemoryBasicVlmInformation 0x3. This should save you some instructions

    #define MemoryBasicVlmInformation 0x3
    struct MEMORY_BASIC_VLM_INFORMATION
    {
    unsigned long ImageBase;
    unsigned long blah[0x2];
    unsigned long SizeOfImage;
    };

    Code: http://pastebin.com/RCkVDNXJ

    By the way, this trick does not work, something is missing as attributes are easily changed.

  4. #4
    walied
    Module size is not needed.

    By the way, this trick does not work, something is missing as attributes are easily changed.
    This no can not work. Do you have a kernel there?
    mb kernelbase ?

  5. #5
    Indy,

    Which page are you protecting in ptImg.exe? I have tested on XP SP2 (no kernelbase.dll) without seeing the expected results?

    Is it page(s) at 0x410000 or kernel32.dll?

    I am sure i am missing something.

  6. #6

Similar Threads

  1. Defeating Windows Driver Signature Enforcement #1: default drivers
    By j00ru vx tech blog in forum Blogs Forum
    Replies: 0
    Last Post: November 3rd, 2012, 21:17
  2. ARTeam: Defeating the Winlicense Main Executable version 2.0.5.0 by quosego
    By Shub-nigurrath in forum Advanced Reversing and Programming
    Replies: 1
    Last Post: January 19th, 2009, 13:02
  3. Article: Defeating Microsoft Windows XP SP2 Heap protection and DEP bypass
    By dELTA in forum Advanced Reversing and Programming
    Replies: 3
    Last Post: February 2nd, 2005, 16:20
  4. Defeating PCGuard v5.0
    By SvensK in forum Malware Analysis and Unpacking Forum
    Replies: 5
    Last Post: June 14th, 2004, 16:20
  5. Software Memory Breakpoints ??
    By Emerson in forum The Newbie Forum
    Replies: 2
    Last Post: January 24th, 2004, 07:58

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •