Jump to content

Delphi Inline Asm


ChupaChu

Recommended Posts

I wonder if there is a way to hide calls i make from inlined asm?

For example if i call RDTSC regullary (every few sec's) to check if

code execution is geting too slow (usualy means: i'm being debuged)

by searching my exe for '0F 31' bytes or RDTSC command in olly

this anti-debug trick is very easy to be found.

So is there a simple way to get around this?

Regards, ChupaChu!

Link to comment

You could make the code self modifying so that just before the command is run, it decrypts itself. A simple XOR would do the job, and you could even choose an XOR value which turns it into another seemingly legit command.

Link to comment
You could make the code self modifying so that just before the command is run, it decrypts itself. A simple XOR would do the job, and you could even choose an XOR value which turns it into another seemingly legit command.

Sounds good enough for me. I have never coded something like that.

Do You have any examples i coud take look at?

at the moment i am thinking to create a variable, lets say string with hex

code i need to encrypt. Then i would xored it with lets say 33h.. byte by

byte and create new string - now this string i can use to decypher whole

command in my exe.. ok.. i think i might be correct by now..

But how do i then make jump to that decyphered string!?

can you provide simple asm sample (to work with delphi inline)?

Thanks, ChupaChu!

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...