[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[exelist] INT 41h detection

To: exelist@...
Subject: [exelist] INT 41h detection
From: lorian@...
Date: Sun, 1 Aug 1999 20:11:44 +0200 (MEST)
Delivered-to: listsaver-of-exelist@egroups.com
Delivered-to: listsaver-egroups-exelist@egroups.com
Mailing-list: contact exelist-owner@egroups.com

morning,

I just wanted to tell you all, that in future you should
not use the INT 41h/AX=004fh detection, to detect SoftIce
or other windows debuggers, cause it is possible to get
false alerts.

Today I found out, that some program (most probably INTEL vtune)
installed a VXD on my system, which is called VTBS.VXD
This VXD is responsible for time measurement. It hooks like any
debugger INT 41h and returns F386h if it is called. 
Means: All software detected a debugger in background on my system
although I booted without softice or other debuggers...

bye lorian

-- 
Sent through Global Message Exchange - http://www.gmx.net

Prev by Date: [exelist] GetTyp 2.50 released
Next by Date: [exelist] PEWizard v1.10
Previous by thread: [exelist] GetTyp 2.50 released
Next by thread: [exelist] PEWizard v1.10
Index(es):
- Date
- Thread