New anti-debugging possibilities
May. 25th, 2008 | 07:19 pm
music: Scorpions - Humanity
Finished writing my article "New anti-debugging possibilities" today for a joint zine. The article contains 7 new anti-debug techniques for the Win64 platform.
(no subject)
Apr. 21st, 2008 | 05:04 pm
music: Draconian - The Cry of Silence
Nothing to write here currently, just working on my projects and busy with the joint zine. :-)
PEB.BeingDebugged (Win64 variation)
Mar. 14th, 2008 | 07:59 pm
News
Feb. 10th, 2008 | 04:54 pm
music: Nautilus Pompilius - Chernije Krylja
OllyDBG and ESI register.
I always noticed that when I was loading my application into OllyDBG for debugging, the ESI register was always = 0FFFFFFFFh (-1). I tested that on 5 different Intel machines with Windows XP SP2 installed, and on 1 machine where Vista SP0 was installed. Also, Nibble, WarGame, RadiatioN, and kaze (thanks to all!) had tested that too. On WarGame's AMD64 the ESI register was = 4, so we may need to check for -1 and 4 in the ESI register.
The shortest way to check if ESI is -1:
inc si
jz odbgfound
We must check for -1 or 4 in the ESI register at the beginning, before the ESI register is modified. Also, by mixing the code with junk it would be more powerful. :-)
Ok, I hope somebody will find it useful.
---
Acquaintance with JaniceEM2
Some time ago I got acquainted with JaniceEM2, who is a very good female coder and now a nice girlfriend of mine. :-)
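For readers analysing the OllyDBG ESI note above from the other side of the debugger: the following is an added example, not code from this journal, that (a) scans a constructed 32-bit x86 byte buffer for the "inc si / jz" and "cmp esi, imm8 / je" check shapes so an analyst can spot them in a sample, and (b) simulates what each check really tests. Encodings are assumed to be 32-bit mode (66 46 = inc si, 46 = inc esi, 83 FE ib = cmp esi, imm8, 74 xx = jz rel8); the sample bytes are constructed, not taken from any real binary.

```python
import re

# Instruction shapes of the ESI checks (32-bit x86 encoding, assumed contiguous).
ESI_CHECK_PATTERNS = {
    "inc si; jz rel8":     re.compile(rb"\x66\x46\x74.", re.DOTALL),          # 66 46 / 74 xx
    "inc esi; jz rel8":    re.compile(rb"(?<!\x66)\x46\x74.", re.DOTALL),     # 46 / 74 xx (not the tail of inc si)
    "cmp esi,-1; je rel8": re.compile(rb"\x83\xFE\xFF\x74.", re.DOTALL),      # 83 FE FF / 74 xx
    "cmp esi,4; je rel8":  re.compile(rb"\x83\xFE\x04\x74.", re.DOTALL),      # 83 FE 04 / 74 xx
}


def find_esi_checks(code: bytes):
    """Return sorted (offset, description) pairs for every ESI-check shape found."""
    hits = []
    for name, pat in ESI_CHECK_PATTERNS.items():
        for m in pat.finditer(code):
            hits.append((m.start(), name))
    return sorted(hits)


def inc_si_jz_fires(esi: int) -> bool:
    """Simulate 'inc si; jz': only the low 16 bits (SI) are tested, so any
    ESI whose low word is 0xFFFF trips it, not just 0xFFFFFFFF."""
    si = esi & 0xFFFF
    return ((si + 1) & 0xFFFF) == 0


def cmp_esi_je_fires(esi: int, imm8: int) -> bool:
    """Simulate 'cmp esi, imm8; je': imm8 is sign-extended to 32 bits."""
    return (esi & 0xFFFFFFFF) == (imm8 & 0xFFFFFFFF)


# Constructed sample: a tiny prologue, both check shapes, then a return.
SAMPLE = (
    b"\x55\x8B\xEC"           # offset 0: push ebp; mov ebp, esp
    b"\x66\x46\x74\x10"       # offset 3: inc si; jz +0x10
    b"\x90\x90"               # offset 7: nop; nop
    b"\x83\xFE\x04\x74\x05"   # offset 9: cmp esi, 4; je +5
    b"\x33\xC0\xC3"           # offset 14: xor eax, eax; ret
)

if __name__ == "__main__":
    for off, what in find_esi_checks(SAMPLE):
        print(f"offset {off:#06x}: {what}")
    print("inc si;jz fires for ESI=0000FFFFh:", inc_si_jz_fires(0x0000FFFF))
```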
Virus Wikipedia
Jan. 15th, 2008 | 12:33 am
http://virus.wikia.com
Thanks to Nibble for the link.
F-Secure...
Jan. 7th, 2008 | 06:31 pm
Today, while working, I saw this:

Question to F-Secure: Do they really know math?
And this one:

Still AVP alive? ;-) Well, they could write "Kaspersky" instead...
The Register: Old school VXers calling it quits
Jan. 1st, 2008 | 11:00 pm
music: Graveworm - Hateful Design
Just found this link at The Register:
http://www.theregister.co.uk/2007/12/31/vxer_scene_rip/
Well, no words.
24C3: VX - The Virus Underground by SkyOut
Jan. 1st, 2008 | 05:42 pm
music: Marilyn Manson - They Said Hell's Not Hot
Here you can download SkyOut's lecture at 24C3:
http://rapidshare.com/files/80512850/24c3-2233-en-vx.mp4.html ~90MB

It was a nice speech, thanks.
Happy New Year and Welcome!
Jan. 1st, 2008 | 04:24 pm
music: The Foreshadowing - Days of Nothing
Here I will write about my daily life, and about my favorite hobby: virus writing.
Welcome. :)
