  #9  
02-13-2005, 07:58
Newbie_Cracker

Thanks taos.

Quote:
Originally Posted by taos
This code "maybe" a BP detection because CC is the opcode of INT 3.

When I set only hardware BPs, SDProtector checks for the presence of "int 3"? The above-mentioned CMP could not be done and... debugging will be finished. It's unusual!

How could I know where it reads dr0 to dr3 values?
There is a jungle of junk codes

I read somewhere about the fs:[20h] and fs:[30h] tricks used by ACProtect. Maybe SDProtector uses them too. The question is the method of finding them.
Is it possible using conditional tracing like this?
TC EIP=="some opcodes"

Regards.