Re: Clever ways to hide a compare
- From: spamtrap@xxxxxxxxxx (TS)
- Date: Mon, 26 Sep 2005 19:29:03 +0000 (UTC)
>You can do self modifying code on NT without any problems, you just have to
>either modify the PE header on disk or use VirtualProtect to allow writing
>to your .text section.
Even simpler: Put the corresponding code into the data section (e.g.,
as a function) and call or jump to it. Might not work on machines with
"NX bit" if the data section has not set the "executable" flag,
though. Same applies for self-modifying code created on the stack.
.
- References:
- Clever ways to hide a compare
- From: jonathon
- Re: Clever ways to hide a compare
- From: David J. Craig
- Re: Clever ways to hide a compare
- From: Aslan
- Re: Clever ways to hide a compare
- From: David J. Craig
- Re: Clever ways to hide a compare
- From: f0dder
- Clever ways to hide a compare
- Prev by Date: Re: Clever ways to hide a compare
- Next by Date: Re: Getting Back to Real Mode problem
- Previous by thread: Re: Clever ways to hide a compare
- Next by thread: Re: Clever ways to hide a compare
- Index(es):
