Flag: Tornado!
Hurricane!
|
|
 Error: Authentication required to access requested resource.
Topic created on: by  .
Hi,
Check this out:
http://deneke.biz/obsidian
Hmm, I wouldn't call it 'non-invasive' (the author calls it non-itrusive, but its almost the same), but it's interesting anyway, since it is not using Debugger API nor ring0 tricks.
However I did have some trouble using it ;< Hope you'll have better luck!
Take care!
G.C.
|
or you could take a look here
http://www.reverse-engineering.info/PE_Information/Crackers_Guide_To_Program_Flow.pdf
|
|
CreateToolhelp32Snapshot is very intrusive, since it inserts a thread in the target process, in order to gather certain information about that process. This new thread is detected easily by the target process, and can cause a hostile reaction. NtQueryInformationProcess should be used instead.
|
Note: Registration is required to post to the forums.
|
|
|
|
There are 16,575 total registered users.
|
|
![[+] expand](/imagery/files/soysauce_blueprint.gif){kind=link}