This is based on Shadow Walker(idea and code both)/"inverse-Pax" applied
to user-space executables instead. Idea can be used to reverse ring3
executables that have self-checksums in place for tamper resistance.
Basically, user-space exes can be code-patched arbitrarily - the exe's
self-checksums do ...
to user-space executables instead. Idea can be used to reverse ring3
executables that have self-checksums in place for tamper resistance.
Basically, user-space exes can be code-patched arbitrarily - the exe's
self-checksums do ...
[ more ]