Re: Jumping into middle of instruction
- From: Terence <spamtrap@xxxxxxxxxx>
- Date: Tue, 26 Feb 2008 14:26:46 -0800 (PST)
Some early viruses disguised themselves by using code that did
something, interspersed with code that did nothing useful (like OR
BX,BX). Then as part of the copying process to produce a new virus,
changed all the do-nothing codes to other do-nothing codes at random
from a stored set. So the virus was contantly changing. Jumping into
the middle of an nstruction is a way of disguising code from debug
attempts (though there are better ways, based on timing and pipeline
contents.
The answer is yes, but a bit pointless. I can see you! :o)>
.
- References:
- Jumping into middle of instruction
- From: mybwpp@xxxxxxxxxxxxxx
- Jumping into middle of instruction
- Prev by Date: Re: MASM ASSUME directives...
- Next by Date: Re: Jumping into middle of instruction
- Previous by thread: Jumping into middle of instruction
- Next by thread: Re: Jumping into middle of instruction
- Index(es):
