programmers resources
  http://www.intel-assembler.it/  (c)2017 intel-assembler.it   info@intel-assembler.it
 
Avoiding Windows Rootkit Detection

Bypassing PatchFinder 2

(by Edgar Barbosa)

This brief 5-page PDF, which refers to papers by Joanna Rutkowska, shows how to invalidate EPA. From the text: "PatchFinder is a sophisticated diagnostic utility designed to detect kernel compromises. It is based in EPA (Execution Path Analysis) to detect rootkits. Until Microsoft don't change his security architecture, none method will stop rootkits in future. The future rootkits will heavily play with paging mechanism. There are infinite possibilities."
This article has been online for 2767 days and has been viewed 4516 times.



Binary File (bypassepa_20091031.zip)





Similar Articles

Applied Binary Code Obfuscation
Obfuscation in assembler
(by N.George, G.Charalambous)

Bifurcation of variables
An approach at protecting program functions
(by Lord Soth)

Binary Protection Schemes
Code Protection under Linux
(by Andrew Griffiths)

Copylok
Technical analysis document on Copylok
(by Kilby)

Extending DOS Executables
How to modify a Windows executable relocating code
(by Digital Alchemist)

How to undongle
hardware key debugging with softice
(by Xoanon)

Xoanon-flags
A debugging session in some old protection scheme
(by Xoanon / Pinnacle)

Xoanon-timelock
A debugging session on an old protection scheme
(by Xoanon / Pinnacle)

Yodas Protector 1.02
An exe protector with antidebug, antidump
(by Ashkbiz Danehkar)

 Tags: protection

