View Full Version : /Section help
Swimmer
June 1st, 2007, 18:31
I used the search here but couldn't find anything.
I am looking for an example(preferably assembly)
of using /SECTION argument for link.exe for some sort
of minor code protection.
What about VirtualAlloc with readwrite permissions for the code and using VirtualProtect to turn on readonly + execute ?
Thanks.
squidge
June 2nd, 2007, 05:12
Well, changing some code to "ro+x" would be fine until someone loaded the exe into something like Ollydbg, and clicked "Set Access" -> "Full Access".
Swimmer
June 2nd, 2007, 07:17
Thanks for the feedback. I now know a feature of Olly that I wasn't familar with. :-)
Take care.
Swimmer
June 2nd, 2007, 08:56
I can't find Set Access in Ollydbg. I have version 1.10.
Thanks.
squidge
June 2nd, 2007, 11:40
...
disavowed
June 2nd, 2007, 12:21
Swimmer, keep in mind that someone could do this without a debugger as well -- they could call VirtualProtectEx(...).
Don't rely on "ro-x" for anti-reversing purposes. (However, if the purpose is to deter buffer overflow exploitation, etc., then that's fine.)
Swimmer
June 2nd, 2007, 12:38
Thanks to both.
Someone suggested the ro-x because they thought I wanted it for anti-malware purposes.
I realize the best method is to not have all the features in a program to begin with. Can't create what isn't there.
I have some 16 bit code that confuses IDA Pro, at least on
it's initial dissassembly.
There are other things I am looking at like inserted a fake
signature for a file compressor and then using brand
G on it.
Also found a handy program that makes a com file
out of small .exes. That may have some potential as well.
LLXX
June 5th, 2007, 03:31
Quote:
[Originally Posted by Swimmer;66117]I used the search here but couldn't find anything.
I am looking for an example(preferably assembly)
of using /SECTION argument for link.exe for some sort
of minor code protection.
What about VirtualAlloc with readwrite permissions for the code and using VirtualProtect to turn on readonly + execute ?
Thanks. |
That won't do anything in the way of protection.
As for an example, I use
for all access after I've merged all the sections together.
Powered by vBulletin® Version 4.2.2 Copyright © 2019 vBulletin Solutions, Inc. All rights reserved.