12-14-2004, 16:39
taos
Quote:
Originally Posted by dyn!o
There exists such a "thing", but it's not a protector but a commercial protection system (a wider technique).

- protection of any range of the code section in compiled software (no need of sources)
- possibility of any code (function) execution in the place of space caused by ripped code
- no noticeable software performance decrease (no matter how long a range you protect)
- generic anti-debugger detection (detects all debuggers, no matter what tool you use to hide)
- virtual machine + own environment
- the protection doesn't take the usage of a driver

Well, actually I'm working on the new release of my little project and this is what I have done:

- protection of any range of the code section in compiled software (no need of sources)

You told me the main idea in the last post: "The problem is the moment when your code gets decrypted". What happens if every xxx lines of code are crypted with the key of the last crypted key and of course some fixed values? I've implemented this in my new system :-). The problem: I cannot make a tool to protect, but every protected EXE will be very different.
I study the EXE and then take note of what to encrypt (from-to) and how.
I have balanced between performance and having little code decrypted.


- possibility of any code (function) execution in the place of space caused by ripped code
- no noticeable software performance decrease (no matter how long a range you protect)

Already implemented ;-) All in ASM.

- generic anti-debugger detection (detects all debuggers, no matter what tool you use to hide)

I've used a lot of tricks to detect debuggers. Indeed, in my first project I made a mistake: I used commercial packers. In this release ONLY MY PACKER will be used, and then my antidebug techniques will be more powerful.
In this proj. I can detect BPMs (soft and hard) and import hooks and, I repeat, I don't use any commercial prog.

- virtual machine + own environment
I'm interested in implementing this too, but I need more info about this. :-( And I think it can be a problem with my proper debugger used.
I've implemented something like a "copy mem" feature; I have used an attached debugger trick and... (OK, I don't want to tell you more information, obviously)

I promise you that it will be more difficult than the last, much more...

Thanks for your ideas. :-)

In a few days I will put up an EXE file for the community to test.

Regards.