More on fortifying Lotus Notes
Ben Laurie
ben at algroup.co.uk
Sun, 06 Jun 1999 16:45:36 +0100
lists@notatla.demon.co.uk wrote:
>
> Ben Laurie <ben@algroup.co.uk>:
> > Good disassemblers can spot this trick. Besides, the wise reverse
> > engineer reverse-engineers with a debugger (or an ICE if budget permits
> > :-), not a disassembler.
>
> Wrox Press "Assembly Language Master Class" ISBN 1-874416-34-6
> See page 126ff. The trick I like most is on p129 where the Pentium pipeline
> stores the next few instructions of a self-modifying program. The pipeline
> is unwritable by the program in normal execution. It can tell whether it
> is being run under a single-step debugger in which case the pipeline would
> not be in use.
Yep, but I can tell (by thinking hard) that it is using this trick, and
simulate the results. This is why an ICE is preferred, of course - less
thought involved!
BTW, I remember this was used years ago to distinguish 386 SX and DX
models - they had different length prefetch queues.
And if you want to see some _really_ bizarre stuff that pipelines can
do, see the code in OpenSSL where adding instructions that do nothing
useful gives huge performance gains on P2s!
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html
"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
- Indira Gandhi