Log in

View Full Version : Updated Ollybone plugin

Orkblutt
September 26th, 2010, 16:35
Hey,

I was working on TLB desync these days (à la Tron/Shadow Walker).
My major problem was to port that code on SMP system. (see the thread here http://www.kernelmode.info/forum/viewtopic.php?f=14&t=353 ).
I finaly resolved my problem (thanks Alex to pointed me PHunter code).
A friend, also send me a link to ollybone plugin that is using that method but the SMP compatibility was a bit dirty.
So I decided to update it using the nice SMP interrupt hooking code from PHunter.
Looks to work nicely on a 2 cores/Win 7 box.

Should be very nice to update it to work on PAE system and on 64bits system.

Cheers,

Orkblutt
Fyyre
September 26th, 2010, 19:30
processor.c & processor.h ? Ms-Rem's code is always top notch. I hope Alex sent you the PHunter v1.1 source.

Maybe you will port it to x64?

Best Regards,

-Fyyre


Quote:
[Originally Posted by Orkblutt;87791]Hey,

I was working on TLB desync these days (à la Tron/Shadow Walker).
My major problem was to port that code on SMP system. (see the thread here http://www.kernelmode.info/forum/viewtopic.php?f=14&t=353 ).
I finaly resolved my problem (thanks Alex to pointed me PHunter code).
A friend, also send me a link to ollybone plugin that is using that method but the SMP compatibility was a bit dirty.

So I decided to update it using the nice SMP interrupt hooking code from PHunter.
Looks to work nicely on a 2 cores/Win 7 box.

Should be very nice to update it to work on PAE system and on 64bits system.

Cheers,

Orkblutt
Orkblutt
September 27th, 2010, 03:24
Hey Fyyre,

Yes...Ms-Rem rocks
Idk if I have PHunter v1.1... Didn't found version in the code.

For x64, I even don't know if TLB desynchronisation is possible. But why not give it a try...
I'll prefer atm to make it working on PAE enabled systems. See the other link Alex linked on km.info: http://www.rootkit.com/board.php?did=edge734&closed=0&lastx=15
And also Deroko's "Dream Of Every Reverser" sources.

All the best,

Orkblutt