Page 4 of 4 FirstFirst 1234
Results 46 to 49 of 49

Thread: Avoiding INT1 detection of SoftICE under WinXP

  1. #46

    Red face Sorry!

    Didn't see that one!
    You're in my book of reverance, as well!

    /Manko

  2. #47
    Wizard Extraordinaire
    Join Date
    Sep 2002
    Posts
    127
    Originally posted by evaluator
    Crack-tracer's generally are for Ring3 protected proggs
    That's because no-one took the time yet to make one that does R0 too


    BTW, what R0-tracer you know!? & why is need it for Drivers!?
    For such thing need Debuger, IMHO.
    Don't know one (unless you count BOCHS). But I see it being useful as some protections use device drivers.. and what is to keep anyone from putting ALOT more code in a device driver (not like the silly SecDrv from SD)

  3. #48
    : Code Injector : nikolatesla20's Avatar
    Join Date
    Apr 2002
    Location
    :ether:
    Posts
    815

    oops

    Oh, sorry SINTAX,

    I guess I didnt understand your patch "EB". I didnt mean to steal your idea at all, it just didnt dawn on me !

    Sorry 'bout that ! But thank you for all your help !

    I was thinking it should be possible to patch ntice.sys for this (or whatever program loads SI - winice.exe?) - for example, ntice.sys is obviously hooking into the IDT. If you look at the IDT function offsets, they lead into softice code. So wherever the SI loader sets up the IDT I would think you could change how it sets the DPL for INT1.

    To Manko: There are LOTS of ways to check for SI. Sometimes you just have to go program by program.


    -nt20
    Last edited by nikolatesla20; October 29th, 2002 at 15:40.

  4. #49
    Wizard Extraordinaire
    Join Date
    Sep 2002
    Posts
    127

    Re: oops

    Originally posted by nikolatesla20
    Oh, sorry SINTAX,

    I guess I didnt understand your patch "EB". I didnt mean to steal your idea at all, it just didnt dawn on me !

    Sorry 'bout that ! But thank you for all your help !

    -nt20
    No problem at all...

Similar Threads

  1. Avoiding a HASP-3 dongle
    By serpeal in forum The Newbie Forum
    Replies: 11
    Last Post: May 20th, 2009, 11:22
  2. INT1 question
    By 0rp in forum The Newbie Forum
    Replies: 7
    Last Post: December 23rd, 2004, 14:24
  3. Help! Random reboot using SoftICE for WinXP!
    By Moddie in forum Tools of Our Trade (TOT) Messageboard
    Replies: 18
    Last Post: January 12th, 2004, 21:14
  4. Avoid INT1 detection of NTICE under 2k/XP
    By pasha in forum Tools of Our Trade (TOT) Messageboard
    Replies: 2
    Last Post: March 23rd, 2003, 15:13
  5. WinXP: SoftICE breakpoints dont work?
    By Vaboc in forum Tools of Our Trade (TOT) Messageboard
    Replies: 1
    Last Post: August 25th, 2002, 06:09

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •