Back to list
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Driver circumventing checksum based tamper-resistance in user-space exes..
Nov 17 2006 05:40AM
Vinay A. Mahadik (vamahadik fastmail fm)
This is based on Shadow Walker(idea and code both)/"inverse-Pax" applied
to user-space executables instead. Idea can be used to reverse ring3
executables that have self-checksums in place for tamper resistance.
Basically, user-space exes can be code-patched arbitrarily - the exe's
self-checksums do ...
[ more ]
Copyright 2010, SecurityFocus