Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Re: Detecting SoftICE ?
From: Florian Maier (florian.maiermuenchen.de)
Date: Thu May 12 2005 - 10:26:31 CDT
there are several Methods for detecting Softice. More and less reliable
ones, depending which version you are dealing with.
"Crackproof your software" (published by No Starch Press) outlines some
of the more useful and recent techniques you should
probably check this resource first.
No promise, but i'll try to send you some implemention examples over the
Bruce Klein schrieb:
>I am writing a Win32 DLL and am currently trying to detect if SoftICE is present.
>I am trying the "classic" detection methods and for my version of SoftICE (4.3.2) under Windows XP, so far no method has succeeded at detecting it.
>The methods I am trying are well described in Viega & Messier's "Secure Programming Cookbook" and all over the net. One is the "Meltice" technique that looks for a virtual device named "\.\\NTICE"; the other uses the "Boundschecker" method that uses int 3, with "BCHK"
>in a register.
>I am having no luck with either method. Perhaps because the methods are obsolete with the current version of SoftICE. Perhaps because I'm doing something stupid.
>Given the above, I have two questions I'm hoping someone can answer:
> - Does anyone know a method to detect today's SoftICE?
> - Do the other methods even work (and for what versions)?
>I'd be happy to post the small source or answer any further questions.
>Thanks in advance.