Ant eye debug code and comments
- From: HandyMan <luke77561@xxxxxxxxx>
- Date: 28 May 2007 13:02:07 -0700
; dro.asm COM File This is an example of ANTI-DEBUGGING CODE !!!
; This code goes resident when run !!
; (3 finger salute gets you out.)
; YOU have been warned. !!!!
; "If you hang around the barber shop enuf, you'll end up
; getting a haircut."
;
; Help from Fodder,Robert,Marv,
; Old anti-debugging code
; Never beeps when traced, see if we can figure that out...
;
;
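.MODEL TINY
.386p                                   ; privileged 386 instruction set (needed for MOV to/from DRn)
.CODE
        ORG     100h
;-----------------------------------------------------------------------
; START - one-shot installer, entry point of the .COM image
; Syntax: MASM/TASM-style Intel syntax, 16-bit code.
; Relies on DS = CS (as in a .COM image) for the DS:DX arguments below.
;
; What it does, in order:
;   1. prints CMsg                        (INT 21h, AH=09h)
;   2. reads the INT 13h vector           (INT 21h, AX=3513h -> ES:BX)
;   3. turns ES:BX into a linear address  (ES*10h + BX)
;   4. DR0 = that address, DR6 = 0, DR7 = 2 (G0 set, RW0/LEN0 = 0)
;   5. clears TF in FLAGS
;   6. points the INT 01h vector at Tracer (INT 21h, AX=2501h)
;   7. stays resident up to theend        (INT 27h)
;
; Requirements: the MOV DRn instructions need privilege level 0 or
; real-address mode. NOTE(review): under a V86 monitor or a protected-mode
; OS they are expected to fault instead; the listing has no fallback.
;
; State this leaves behind (what an analyst can check afterwards):
;   - INT 01h vector replaced; the previous vector is not saved
;   - DR0 holds the INT 13h entry address, DR7 has G0 set
;   - a resident block that ends at theend; there is no uninstall path
;-----------------------------------------------------------------------
START:
;--------------------
Copyright:
        mov     ah,09h                  ; DOS: print '$'-terminated string at DS:DX
        mov     dx,offset CMsg
        int     21h
        jmp     short OverCop           ; skip the message bytes embedded in the code

CMsg    db      0dh,0ah,'ANTI-DEBUGGING CODE ONLY !!!',0dh,0ah
        db      'Original code 1995',0dh,0ah
        db      'Beeps when Int 13 entry point reached','$'

OverCop:
;--------------------
        mov     ax,3513h                ; Get INT 13 address -> ES:BX
        int     21h

        ; Converting ES:BX to a physical address: ES*10h+BX, stored in EAX
        xor     eax,eax
        mov     ax,es
        mov     cl,4
        shl     eax,cl                  ; eax = ES * 10h
        and     ebx,0000FFFFh           ; the upper half of EBX is undefined here
        add     eax,ebx

        ; IDA Pro doesn't disassemble the rest of this code
        ; Where is that seeing eye dog :-)
        ; The instructions must be executed at privilege level 0 or in
        ; real-address mode.
        ;
        mov     dr0,eax                 ; DR0 contains address of breakpoint
        xor     eax,eax                 ; DR6 - status register
        mov     dr6,eax                 ; Clear it

        ; DR7 - control register
        ; All other breakpoints stay disabled; LEN0 and RW0 are zero, so the
        ; DR0 breakpoint is a code (instruction-execution) breakpoint.
        mov     eax,00000002h           ; G0 - it's a global breakpoint
        mov     dr7,eax

        pushf                           ; Clear TraceFlag
        pop     ax
        and     ah,0FEh                 ; TF is bit 8 of FLAGS = bit 0 of AH
        push    ax
        popf

        mov     dx,offset Tracer        ; Set our exception handler (INT 01h <- DS:DX)
        mov     ax,2501h
        int     21h

        mov     dx,offset theend        ; TSR: keep everything below theend resident
        int     27h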
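;-----------------------------------------------------------------------
; TRACER - INT 01h (debug exception) handler
; Entered through the INT 01h vector with a 16-bit interrupt frame.
;
; Frame after the two pushes below (BP = SP):
;   [bp+00h] saved EAX        [bp+06h] return IP
;   [bp+04h] saved BP         [bp+08h] return CS
;                             [bp+0Ah] FLAGS image restored by IRET
;
; Two paths, chosen by the BS flag in DR6:
;   BS clear -> HardBreak: the DR0 breakpoint fired. Disable it, beep,
;               set TF in the stacked FLAGS so one instruction runs.
;   BS set   -> single-step trap caused by that TF. Re-arm DR0 and
;               clear TF in the stacked FLAGS.
;
; Preserves: EAX, BP, DX. Uses SS:BP only; DS is not touched.
; NOTE(review): the beep calls INT 21h from inside an exception handler
; that can interrupt DOS's own disk path, and DOS is not generally
; reentrant - confirm this is safe on the target system.
;-----------------------------------------------------------------------
TRACER:                                 ; Exception handler
        push    bp
        push    eax
        mov     bp,sp
        mov     eax,dr6                 ; status register
;* here you can include test of BD flag
; 15.2.3.Debug Status Register (DR6)
;
; The debug status register (DR6) reports the debug conditions that were
; sampled at the time the last debug exception was generated (refer to
; Figure 15-1). Updates to this register only occur when an exception is
; generated. The flags in this register show the following information:
; B0 through B3 (breakpoint condition detected) flags (bits 0 through 3)
;   Indicates (when set) that its associated breakpoint condition was met
;   when a debug exception was generated. These flags are set if the
;   condition described for each breakpoint by the LENn, and R/Wn flags in
;   debug control register DR7 is true. They are set even if the breakpoint
;   is not enabled by the Ln and Gn flags in register DR7.
;
; BD (debug register access detected) flag (bit 13)
;   Indicates that the next instruction in the instruction stream will
;   access one of the debug registers (DR0 through DR7). This flag is
;   enabled when the GD (general detect) flag in debug control register DR7
;   is set. Refer to Section 15.2.4., Debug Control Register (DR7) for
;   further explanation of the purpose of this flag.
; BT (task switch) flag (bit 15)
;
;   Indicates (when set) that the debug exception resulted from a task
;   switch where the T flag (debug trap flag) in the TSS of the target task
;   was set (refer to Section 6.2.1., Task-State Segment (TSS), in Section
;   6, Task Management, for the format of a TSS). There is no flag in debug
;   control register DR7 to enable or disable this exception; the T flag of
;   the TSS is the only enabling flag.
; Note that the contents of the DR6 register are never cleared by the
; processor. To avoid any confusion in identifying debug exceptions, the
; debug handler should clear the register before returning to the
; interrupted program or task.
;
; debug and grdb never see this instruction ?
        test    eax,00004000h           ; single step tracing ? 4000h is bit 14 (BS);
                                        ; bit 15 is BT, which is not tested here
        nop                             ; grdb.exe does NOT like these 2 NOPs here !!
        nop                             ; Lockup this puppy !!
        jz      HardBreak               ; BS clear -> the DR0 breakpoint was hit

        ; single step tracing occurred, it was used by us to
        ; restore our hardware breakpoint (see further)
        ; DR0 is a Hardware breakpoint again
        xor     eax,eax                 ; clearing the debug status register
        mov     dr6,eax
        or      eax,00000002h           ; Setting Exception by DR0 (G0)
        and     eax,0FFF0FFFFh          ; Code Exception (RW0/LEN0 = 0)
        mov     dr7,eax
        and     word ptr [bp+0Ah],0FEFFh ; Clearing trace flag in stack
        jmp     short ExiTrace

HardBreak:                              ; DR0 Exception handler
        xor     eax,eax                 ; Clear status register
        mov     dr6,eax
        mov     eax,dr7
        and     eax,0FFFFFFFDh          ; clear G0
        mov     dr7,eax                 ; Disable DR0 Hardware Breakpoint, or else it
                                        ; fires again on return: a 16-bit IRET frame
                                        ; carries no ResumeFlag (RF is in the upper
                                        ; half of EFLAGS), so the handler does the
                                        ; resume by hand

        ; The purpose of our hardware breakpoint
        ;mov    ax,0E07h                ; Sound a beep. This doesn't work, try next 3 lines
        ;int    10h
        push    dx                      ; DX belongs to the interrupted code (at the
                                        ; INT 13h entry point DL carries a parameter)
        mov     dl,07h                  ; BEL character
        mov     ah,02h                  ; DOS: write character in DL
        int     21h
        pop     dx
        ; Insert everything you need.

SetTF:                                  ; Setting usual tracing for further DR0 resuming
        or      word ptr [bp+0Ah],0100h ; TF = 1 in the FLAGS image IRET will load
        ;
ExiTrace:
        pop     eax
        pop     bp
        iret
TheEnd:
End Start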
.