Delphi Inline Asm

[ChupaChu]

I wonder if there is a way to hide calls i make from inlined asm?

For example if i call RDTSC regullary (every few sec's) to check if

code execution is geting too slow (usualy means: i'm being debuged)

by searching my exe for '0F 31' bytes or RDTSC command in olly

this anti-debug trick is very easy to be found.

So is there a simple way to get around this?

Regards, ChupaChu!

[Loki]

You could make the code self modifying so that just before the command is run, it decrypts itself. A simple XOR would do the job, and you could even choose an XOR value which turns it into another seemingly legit command.

[ChupaChu]

You could make the code self modifying so that just before the command is run, it decrypts itself. A simple XOR would do the job, and you could even choose an XOR value which turns it into another seemingly legit command.

Sounds good enough for me. I have never coded something like that.

Do You have any examples i coud take look at?

at the moment i am thinking to create a variable, lets say string with hex

code i need to encrypt. Then i would xored it with lets say 33h.. byte by

byte and create new string - now this string i can use to decypher whole

command in my exe.. ok.. i think i might be correct by now..

But how do i then make jump to that decyphered string!?

can you provide simple asm sample (to work with delphi inline)?

Thanks, ChupaChu!