nikolatesla20
October 22nd, 2002, 14:05
I've learned so much in this past year and a half about reversing, I would like to thank everyone here that has helped me, and especially those that have shared their great tools and information!
One thing I have yet to learn is system drivers. The big question in my head still is: How exactly does Revirgin "trace" code execution? Now, I know we wouldn't want to give out every bit of info, lest it be used against us, but if +Tseph or anyone could guide me in the right direction (or PM me) as to how this works.
I'm under the assumption that it uses some kind of system level driver, although I am not 100% sure. (I do know there is tracer.dll.) My latest theory is that the code is emulated? Because I don't understand how an unresolved API could just be "entered" and executed at will....well, I guess you could change eip
I would just like to get some sort of idea on how this is done and if anyone would have some information to help me learn I would greatly appreciate it.
As soon as I acquire DS 2.7, (In process) I'll try and update the anti-detect patches for it....
-nt20