A sample evasion technique
unsigned char idt[6];
__asm
{
sidt idt
}
if ((0x00 == idt[0]) && (0x08 == idt[1]))
{
fp = fopen(“c:\\donothing.txt”, “w”);
fclose(fp);
}
else
{
fp = fopen(“c:\\breakstuff.txt”, “w”);
fclose(fp);
}
CREDIT: /Arne
Post a Comment
You must be logged in to post a comment.