I wonder if there is a way to hide calls i make from inlined asm?

For example if i call RDTSC regullary (every few sec's) to check if

code execution is geting too slow (usualy means: i'm being debuged)

by searching my exe for '0F 31' bytes or RDTSC command in olly

this anti-debug trick is very easy to be found.

So is there a simple way to get around this?

Regards, ChupaChu!

You could make the code self modifying so that just before the command is run, it decrypts itself. A simple XOR would do the job, and you could even choose an XOR value which turns it into another seemingly legit command.

You could make the code self modifying so that just before the command is run, it decrypts itself. A simple XOR would do the job, and you could even choose an XOR value which turns it into another seemingly legit command.

Sounds good enough for me. I have never coded something like that.

Do You have any examples i coud take look at?

at the moment i am thinking to create a variable, lets say string with hex

code i need to encrypt. Then i would xored it with lets say 33h.. byte by

byte and create new string - now this string i can use to decypher whole

command in my exe.. ok.. i think i might be correct by now..

But how do i then make jump to that decyphered string!?

can you provide simple asm sample (to work with delphi inline)?

Thanks, ChupaChu!