Friday, May 1, 2009

Szprotect

Just read a thesis by a senior about Szprotect; its features are quite similar to Aspack's.

5 main features:

a. Code protection (the code is compressed with the aPlib compression library, which indirectly gives an encryption-like effect)
b. Import table hiding
c. Anti-debugger protection
d. Resource hiding
e. Extra protection

The anti-debugging techniques are as follows:
a. Check for the driver used by SoftICE. If the original driver is detected, a flag is toggled.
b. For ring 3 debuggers, read the PEB (Process Environment Block) for a certain value.
c. Copy the code of IsDebuggerPresent() from kernel32.dll into Szprotect, so the check no longer goes through the exported API and patching that export does not bypass it.
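Techniques b and c are really the same read: kernel32!IsDebuggerPresent() returns the BeingDebugged byte at offset 2 of the PEB, which the TEB points to (fs:[30h] on x86, gs:[60h] on x64). The following is an added example written for this post, not code from the thesis or from Szprotect; the PEB_HEAD struct covers only the first bytes of the public PEB layout, and the demo_* functions use constructed PEB images so the core check can be exercised on any OS. Seeing the check in this form is what lets an analyst recognise it in a protected binary (a direct fs:/gs: segment read instead of an import).

```c
/* Inline equivalent of IsDebuggerPresent(): the PEB.BeingDebugged read that
   a protector copies into its own code so no kernel32 import is involved. */
#include <stdint.h>
#include <string.h>

/* First bytes of the Process Environment Block (public layout):
   offset 0 InheritedAddressSpace, 1 ReadImageFileExecOptions,
   2 BeingDebugged, 3 BitField. Only BeingDebugged is used here. */
typedef struct {
    uint8_t InheritedAddressSpace;
    uint8_t ReadImageFileExecOptions;
    uint8_t BeingDebugged;
    uint8_t BitField;
} PEB_HEAD;

/* Core check, kept separate from the platform-specific PEB lookup.
   Takes a pointer to a PEB image and returns 1 if BeingDebugged is set. */
int peb_being_debugged(const void *peb) {
    PEB_HEAD head;
    memcpy(&head, peb, sizeof head);
    return head.BeingDebugged != 0;
}

#if defined(_WIN32) && defined(_MSC_VER)
#include <intrin.h>
/* Locate the live PEB through the TEB, exactly as the kernel32 export does. */
static const void *current_peb(void) {
#ifdef _M_X64
    return (const void *)__readgsqword(0x60);  /* TEB+0x60 -> PEB on x64 */
#else
    return (const void *)__readfsdword(0x30);  /* TEB+0x30 -> PEB on x86 */
#endif
}
/* No import, no call into kernel32: patching IsDebuggerPresent's export
   has no effect on this check. */
int inline_is_debugger_present(void) {
    return peb_being_debugged(current_peb());
}
#endif

/* Constructed PEB images (not real process memory) for demonstration. */
int demo_clean(void) {
    uint8_t peb[4] = {0, 0, 0, 0};          /* BeingDebugged clear */
    return peb_being_debugged(peb);         /* returns 0 */
}
int demo_debugged(void) {
    uint8_t peb[4] = {0, 0, 1, 0};          /* BeingDebugged set by a debugger */
    return peb_being_debugged(peb);         /* returns 1 */
}
```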

These are going to take up my holiday:

1. "Reversing: Secrets of Reverse Engineering", Eldad Eilam (2005)
2. "The Shellcoder's Handbook: Discovering and Exploiting Security Holes", Jack Koziol (2004)
3. "EXE Tools forum", http://forum.exetools.com
4. "Reversing Labs", http://ap0x.jezgra.net
5. "pediy", http://bbs.pediy.com
