Exetools  

Go Back   Exetools > General > General Discussion
Reload this Page Can someone recognize this code???
Register Forum Rules FAQ Calendar

Notices

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #1  
Old 10-03-2003, 06:19
yaa
 
Posts: n/a
Question Can someone recognize this code???
Hello,

sorry for posting what is problably a stupid question, but I was wondering if someone can recognize the following code:

00401620 PUSHAD
00401621 MOV EDI,xxxxxxxx.00401000
00401626 MOV ECX,xxxxxxxx.00401FFF
0040162B SUB ECX,EDI
0040162D MOV AL,0CC
0040162F REPNE SCAS BYTE PTR ES:[EDI]
00401631 JNZ SHORT xxxxxxxx.00401644
00401633 MOV EBX,xxxxxxxx.00402005
00401638 ADD BYTE PTR DS:[EBX],1
0040163B MOV ECX,xxxxxxxx.00401FFF
00401640 SUB ECX,EDI
00401642 JMP SHORT xxxxxxxx.0040162F
00401644 MOV EAX,xxxxxxxx.00402005
00401649 CMP BYTE PTR DS:[EAX],3

This code is somehow able to detect the presence of an application level debugger following code step by step. I was wondering if this is some checksum code. Thx.

yaa
Reply With Quote
 

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
[Solved]IDA 5.2 can't recognize XP SP3 symbols WhoCares General Discussion 2 12-01-2009 14:29
IDA can't automatically recognize try/finally structures by Borland compilers WhoCares General Discussion 2 10-09-2004 20:52


All times are GMT +8. The time now is 18:05.

Aaron's homepage - Top

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( Since 1998 )