tsehp
December 14th, 2000, 20:51
hi owl,
I just wonder if you got my e-mails.
I'm actually looking for the best solution:
The tracer's state machine is in the DLL I installed into the target's context, and the tracing thread too. Unlike icedump's, I have to send a much bigger structure to the state machine: the EIP check is not one single interval, but a table of possible addresses that could contain up to 5000 entries. What's the best solution to communicate with my IAT resolver? IPC? A mapped file? Something else?
TIA for giving me some detail about the best solution; the reusability of the DLL depends a lot on this.
Just to report to you, I'm actually at the stage of emulating the SEH install attempt; I have to say that at this point I could just implement all of icedump's tracer protections.
regards,
tsehp