RDTSC Instruction Debugger Latency Detection |
Debugging |
ap0x |
RDTSC |
March 11 2006 |
|
|
; #########################################################################
; Assembler setup: Pentium instruction set (RDTSC needs .586 or later),
; 32-bit flat memory model, stdcall as the default calling convention.
.586
.model flat, stdcall
option casemap :none ; case sensitive
; #########################################################################
; MASM32 headers and import libraries. The code in this listing calls only
; MessageBox (user32); it does not call anything from kernel32 or comdlg32.
include \masm32\include\windows.inc
include \masm32\include\user32.inc
include \masm32\include\kernel32.inc
include \masm32\include\comdlg32.inc
includelib \masm32\lib\user32.lib
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\comdlg32.lib
; #########################################################################
.data
; NUL-terminated caption and body strings for the two message boxes.
; Both captions hold the same text; only the body text differs per outcome.
DbgNotFoundTitle db "Debugger status:",0h
DbgFoundTitle db "Debugger status:",0h
DbgNotFoundText db "Debugger stepping not found!",0h
DbgFoundText db "Debugger stepping found!",0h
.code
start:
; MASM32 antiRing3Debugger example
; coded by ap0x
; Reversing Labs: http://ap0x.headcoders.net
;
; Purpose: timing check for a debugger stepping through this code.
; The processor time-stamp counter is read twice with RDTSC and the two
; readings are subtracted. RDTSC returns a 64-bit tick count in EDX:EAX
; (counter ticks, not wall-clock time); only the low 32 bits in EAX are
; used here and EDX is overwritten but ignored.
; If the difference is 0FFFh or more (JNB is an unsigned ">=") the "found"
; message box is shown, otherwise the "not found" one.
;
; Review notes:
; - Only a delay that falls between the two RDTSC reads is measured. A
;   debugger that is attached but lets this region run at full speed is
;   not seen by this check.
; - The tick count can also be inflated by an interrupt, a thread switch
;   or a hypervisor that intercepts RDTSC, so a "found" result is not
;   proof that a debugger is present.
; - When triaging a binary, this check shows up as two RDTSC reads a few
;   instructions apart followed by SUB and a CMP against a constant.
RDTSC ; first sample; EAX = low 32 bits of the counter
XOR ECX,ECX ; ECX = 0
ADD ECX,EAX ; ECX = first sample (low 32 bits)
RDTSC ; second sample in EAX
SUB EAX,ECX ; EAX = second - first, modulo 2^32
CMP EAX,0FFFh ; threshold: 0FFFh ticks
JNB @OllyDetected ; unsigned >= threshold: treat as stepped
; Below threshold. stdcall, arguments pushed right to left:
; MessageBox(hWnd = 0, lpText, lpCaption, uType = 40h).
PUSH 40h ; uType 40h = MB_ICONINFORMATION
PUSH offset DbgNotFoundTitle
PUSH offset DbgNotFoundText
PUSH 0 ; hWnd = 0, no owner window
CALL MessageBox
; NOTE(review): RET from the entry point relies on whatever called start
; to end the process - confirm; ExitProcess is not called in this listing.
RET
; The label name mentions Olly, but nothing in the check is specific to one
; debugger; it only compares the elapsed tick count with the threshold.
@OllyDetected:
; MessageBox(hWnd = 0, lpText, lpCaption, uType = 30h).
PUSH 30h ; uType 30h = MB_ICONEXCLAMATION
PUSH offset DbgFoundTitle
PUSH offset DbgFoundText
PUSH 0 ; hWnd = 0, no owner window
CALL MessageBox
RET
end start