Exetools  

08-26-2014, 01:27
Nukem
There's no public way to bypass it, so I doubt anyone is going to just give it away.
http://vrt-blog.snort.org/2014/08/th...rotection.html - "Patchguard v8 - Internal architecture" is the most recent, but not very helpful.

AFAIK it can be somewhat bypassed with virtualization by spoofing the LSTAR MSR (syscall) or intercepting IDT events. There's still the cost of performance.