Hello, how is it possible to code a protection against BPM (hardware breakpoints)? :confused:
How do I erase the value of the debug registers without going through Ring 0? :confused:
Please give me an example with source code.
Thanks for your help :)
@+++:alright:
You can deactivate those BPs using the API SetThreadContext (a way to reach
Ring0), that will clean the DRx registers, rendering ineffective any hardware
BP set by the debugger. I don't know if this could be achieved without
using Ring0....
Sorry, no source at hand, you should go and have a look either at Daemon's
cave or http://www.yates2k.net/sysinfo.html
Regards
etherlord
You really shouldn't be messing with hardware breakpoints...
Hello,
Here's a way, one may say that's ugly...
-Implement a SEH
-Try to do a gpf:
xor eax,eax
mov eax, ;cause a gpf
-then it will call your SEH
-In your SEH, access the CONTEXT structure
-In the CONTEXT struct you'll find all debug registers (aka DRx)
-Erase DR7
This is one way to access Debug registers without CPL0.
Neitsa
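Added example, not part of any post in this thread: a small C decoder for the DR7 layout, showing why zeroing DR7 disables all four breakpoint slots and how a debugger-side check can notice that its breakpoints were wiped. The names hwbp_slot, dr7_decode and dr7_cleared_slots are hypothetical, and the DR7 values are constructed samples.

```c
#include <stdint.h>
#include <stdio.h>

/* One hardware-breakpoint slot (DR0..DR3) as described by DR7.
   Hypothetical helper type for this example. */
typedef struct {
    int enabled;   /* 1 if the local (L) or global (G) enable bit is set */
    int rw;        /* 0 = execute, 1 = write, 2 = I/O, 3 = read/write */
    int len_bytes; /* watched length: 1, 2, 4 or 8 bytes */
} hwbp_slot;

/* Decode slot n (0..3) from a DR7 value.
   Bits 2n/2n+1 are Ln/Gn, bits 16+4n are R/Wn, bits 18+4n are LENn. */
hwbp_slot dr7_decode(uint32_t dr7, int n)
{
    static const int len_map[4] = {1, 2, 8, 4}; /* LEN encoding 00,01,10,11 */
    hwbp_slot s;
    s.enabled   = ((dr7 >> (n * 2)) & 0x3) ? 1 : 0;
    s.rw        = (int)((dr7 >> (16 + n * 4)) & 0x3);
    s.len_bytes = len_map[(dr7 >> (18 + n * 4)) & 0x3];
    return s;
}

/* Debugger-side check: bitmask of slots that were enabled in the DR7 the
   debugger wrote but are disabled in the DR7 it reads back later. */
unsigned dr7_cleared_slots(uint32_t set_by_debugger, uint32_t read_back)
{
    unsigned mask = 0;
    for (int n = 0; n < 4; n++)
        if (dr7_decode(set_by_debugger, n).enabled &&
            !dr7_decode(read_back, n).enabled)
            mask |= 1u << n;
    return mask;
}

int main(void)
{
    /* Constructed sample: slot 0 = execute BP (L0),
       slot 1 = 4-byte write watch (L1, R/W1 = 01, LEN1 = 11). */
    uint32_t before = 0x00D00005u;
    uint32_t after  = 0x00000000u; /* DR7 after a handler erased it */

    for (int n = 0; n < 4; n++) {
        hwbp_slot s = dr7_decode(before, n);
        printf("slot %d: enabled=%d rw=%d len=%d\n",
               n, s.enabled, s.rw, s.len_bytes);
    }
    printf("slots wiped: 0x%x\n", dr7_cleared_slots(before, after));
    return 0;
}
```

A debugger or tracer can run this comparison on the thread context after each exception it passes to the debuggee, and restore DR7 when the mask is non-zero.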
Thank you very much +Neitsa ;):alright: :alright: :alright: