More on fortifying Lotus Notes
lists@notatla.demon.co.uk
lists at notatla.demon.co.uk
Sun, 6 Jun 1999 15:58:45 +0100
Ben Laurie <ben@algroup.co.uk>:
> Good disassemblers can spot this trick. Besides, the wise reverse
> engineer reverse-engineers with a debugger (or an ICE if budget permits
> :-), not a disassembler.
Wrox Press "Assembly Language Master Class" ISBN 1-874416-34-6
See page 126ff. The trick I like most is on p129 where the Pentium pipeline
stores the next few instructions of a self-modifying program. The pipeline
is unwriteable by the program in normal execution. It can tell whether it
is being run under a single-step debugger in which case the pipeline would
not be in use.
and
> Unfortunately, modern assemblers take a few hundred pages just to
> describe the instructions! For example, the i486 instruction set takes
> 289 pages!
rats!