#1
|
|||
|
|||
Interlocked protection
I currently working with friends on new Tpkd.sys antidebbuging techniques.
The work is still in progress. I have a question about in-out vagaries. What does this code repeted four time in the sys and used in decrypting int1 and int3 custom handlers : Out dx, al with al=80h and dx=70h jump $+2 jump$+2 In al, dx with al=80h and dx=71h jump $+2 jump$+2 out dx, al with al=00h and dx=70h mov byte ptr [ebp-8], al is it RTC clock without NMI ???? jump $+2 jump$+2 in al, dx with al = 18h and dx=21 h is it PIC reading ? How can repeating such a code detect debbugger? Thanks %OuRs% |
|
|