Results 1 to 8 of 8

Thread: Different papers about SMC, polymorph code and anti trace code...

  1. #1
    ::[ Reverse Engineer ]:: OHPen's Avatar
    Join Date
    Nov 2002
    Location
    .text
    Posts
    399
    Blog Entries
    5

    Question Different papers about SMC, polymorph code and anti trace code...

    Hi,

    i actually searching for different papers concerning the topics mentioned in the title. I don't want information about securom and other commercial protections. I'm more interested in custom stuff, "In the wild"-examples or theoretical papers.

    Would be great if someone can provide some interesting documents.

    Thx in advance,

    OHPen aka PAPiLLiON
    - Reverse Enginnering can be everything, but sometimes it's more than nothing. Really rare moments but then they appear to last ages... -

  2. #2
    Teach, Not Flame Kayaker's Avatar
    Join Date
    Oct 2000
    Posts
    4,079
    Blog Entries
    5
    Posted on RETeam..

    http://streho.blog.cz/0703/advanced-self-modifying-code

  3. #3
    Red wine, not vodka! ZaiRoN's Avatar
    Join Date
    Oct 2001
    Location
    Italy
    Posts
    922
    Blog Entries
    17
    Don't know if it will help you... It's not a paper but a live example. It's called Polymorphic Decryption Crackme by The+Q. Avalaibe at http://www.crackmes.de/users/theq/pdc/

  4. #4
    ::[ Reverse Engineer ]:: OHPen's Avatar
    Join Date
    Nov 2002
    Location
    .text
    Posts
    399
    Blog Entries
    5
    Thank you guys,

    both links seems to be valuable

    But the more i get the better it is, hehe.

    Cu,

    PAPi
    - Reverse Enginnering can be everything, but sometimes it's more than nothing. Really rare moments but then they appear to last ages... -

  5. #5
    I've been looking for similar stuff recently (particularly being able to implement from high level language, C at least ) and i came across this issue of codebreakers journal.

    Code:
    http://www.secure-software-engineering.com/downloads/cbj/2006/CBM_1_2_2006_Trope_Self_Modifying_Code.pdf
    --
    bedrock

  6. #6
    ::[ Reverse Engineer ]:: OHPen's Avatar
    Join Date
    Nov 2002
    Location
    .text
    Posts
    399
    Blog Entries
    5
    Hehe cool,

    thank you bedrock. Nice document.

    PAPi
    - Reverse Enginnering can be everything, but sometimes it's more than nothing. Really rare moments but then they appear to last ages... -

  7. #7
    King of Redonda
    Join Date
    Jul 2006
    Posts
    109
    Blog Entries
    4
    I think it's a horrible document.

    His C code relies on quirks of the compiler. I suggest not to try using self-modifying code in languages that don't support it, unless you want your program to be broken the next compiler update.

    Executing code on the stack is plain stupid. Only 2 people have patches that don't allow code on the stack? Maybe he forgot *every computer that runs Windows XP SP2*! _http://support.microsoft.com/kb/875352

    Maybe he should just set the code section to writable in the header or with VirtualProtect

    Sorry for the rant, just had to get it out. No offense meant to bedrock.
    <[TN]FBMachine> i got kicked out of barnes and noble once for moving all the bibles into the fiction section

  8. #8
    Quote Originally Posted by fr33ke View Post
    No offense meant to bedrock.
    None taken, i didn't write it, i just found it and read it

    --
    bedrock

Similar Threads

  1. Abusing alignment code for anti-sandboxing purposes
    By Reversing It Out in forum Blogs Forum
    Replies: 1
    Last Post: February 21st, 2010, 23:46
  2. Getting around anti-debugger code
    By REBlog in forum Blogs Forum
    Replies: 0
    Last Post: October 19th, 2007, 20:51
  3. Ring 0 anti-debugger code in Daemon Tools?
    By dELTA in forum Advanced Reversing and Programming
    Replies: 63
    Last Post: November 20th, 2006, 08:28
  4. How to anti crash code in swf files
    By winroot in forum Advanced Reversing and Programming
    Replies: 1
    Last Post: August 6th, 2004, 20:18
  5. Does asprotect have anti-tracing code???
    By padawan in forum The Newbie Forum
    Replies: 2
    Last Post: February 23rd, 2004, 16:50

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •