maybe an easy-to-solve problem, but quite a cracker for me :rolleyes: :

i was trying to implement some calls to int 03 in my programs as the most basic protection from softice. but whenever the program gets to that point, it crashes.
besides, i was trying to make myself a little proggie which checks for softice using several methods. some of those methods implement an interrupt (int 41h/68h). and when the ints are called, the program crashes.
so my question is actually obvious: how do i get those routines to work without crashing?

tia
Posted on 2002-04-07 12:35:39 by Donnerwolf
int3 = trap to debugger. You'll get an exception if no debugger is
present. You can trap this by setting up a SEH.

Don't bother with softice detection. It's very trivial to defeat, and
will only piss off legitimate softice users. It's a bit annoying having
to reboot your box (to get rid of softice) just to run some app.
Posted on 2002-04-07 12:47:05 by f0dder
tnx, can you give me a code sample for that :rolleyes: ?
somebody once told me it was possible to call interrupts from ring0? any idea how to achieve that, how to get there? normally i work on ring3.
Posted on 2002-04-07 12:49:56 by Donnerwolf
SEH involves playing with the contents of - I think there's some
code at win32asm.cjb.net, otherwise google for "SEH in asm".
Don't bother with ring0, the only clean way to go there is writing
a VXD for 9x and KMD for NT, and requiring the admin to install a
KMD on NT just to run some app == lame. You can call interrupts just
fine from ring3, but the win32 API is through the API calls, not interrupts,
and there aren't really any documented interrupt usage... so just
stick to the API.
Posted on 2002-04-07 12:59:12 by f0dder
Don't ask questions on SEH, since I myself haven't tried it yet. Anyway I found this .asm file on my HD and possibly this might help you.

Assemble: TASM /M /Q /T SEHxmpl.asm
Link: TLINK32 /x SEHxmpl,,,,SEHxmpl

:)
Posted on 2002-04-07 13:24:07 by stryker
A simpler example.
Posted on 2002-04-07 21:56:52 by grv575
Jeremy Gordon wrote a good article on SEH. You can download his zip file from his site: http://www.godevtool.com

best regards,

czDrillard
Posted on 2002-04-07 21:59:12 by czDrillard