From Collaborative RCE Tool Library

Jump to: navigation, search

Anti Anti-BPM via SEH, KiUserExceptionFilter Mod

Tool name: Anti Anti-BPM via SEH, KiUserExceptionFilter Mod
Rating: 0.0 (0 votes)
Author: Robert Yates                        
Website: http://www.reverse-engineering.info
Current version:
Last updated: August, 2003
Direct D/L link: http://www.reverse-engineering.info/SystemCoding/bpm.rar
License type:
Description: This is an idea I had and tried to put into practice. Some protections create faults so they can clear bpms, Asprotect for example, so the idea behind this sys is to modify KiUserExceptionDispatcher to create a snapshot of the drx regs before the users exception occurs then restore them afterwards. It works but the src is rough, currently you have to disassemble ur own ntdll and find some un-used space, (6 dwords) at the end off the .data then subtract the ntdll imagebase and update the NTDT EQU in the .sys. The idea could be improved by only restoring drx values that have become null or the standard dr7 value re-entered.

Have a go, bpm w the code section of an asprotect exe after the sys is loaded.
Related URLs: No related URLs have been submitted for this tool yet


RSS feed Feed containing all updates for this tool.

You are welcome to add your own useful notes about this tool, for others to see!

Retrieved from "http://www.woodmann.com/collaborative/tools/index.php/Anti_Anti-BPM_via_SEH%2C_KiUserExceptionFilter_Mod"


If you find that any information for the tool above is missing, outdated or incorrect, please edit it!
(please also edit it if you think it fits well in some additional category, since this can also be controlled)

Views
Category Navigation Tree
RCE Tools
   Categorized by Target Type  (176)
   Categorized by Tool Type  (983)
   Anti Anti Test Tools  (15)
   Assemblers  (15)
   Code Coverage Tools  (12)
   Code Injection Tools  (32)
   Code Ripping Tools  (2)
   Crypto Tools  (5)
   Data Extraction Tools  (19)
   Debuggers  (42)
   Decompilers  (20)
   Deobfuscation Tools  (12)
   Dependency Analyzer Tools  (5)
   Diff Tools  (29)
   Disassemblers  (45)
   Dongle Analysis Tools  (24)
   Exe Analyzers  (31)
   Firefox Extensions  (1)
   GUI Manipulation Tools  (16)
   Hardware Reversing Tools  (24)
   Hex Editors  (12)
   IDA Signature Creation Tools  (5)
   Kernel Tools  (13)
   Memory Data Tracing Tools  (6)
   Memory Patchers  (3)
   Memory Search Tools  (7)
   Monitoring Tools  (110)
   Network Tools  (15)
   PE Executable Editors  (79)
   Packers  (16)
   Patch Packaging Tools  (7)
   Profiler Tools  (10)
   Programming Libraries  (32)
   Regular Expression Tools  (3)
   Resource Editors  (12)
   Reverse Engineering Frameworks  (7)
   Source Code Tools  (11)
   String Finders  (5)
   Symbol Tools  (11)
   System Information Extraction Tools  (7)
   Technical PoC Tools  (7)
   Test and Sandbox Environments  (16)
   Tool Extensions  (137)
   Tool Hiding Tools  (5)
   Tool Signatures  (22)
   Tracers  (17)
   Unpacking Tools  (59)
   Needs New Category  (2)