Solved

need to set int3, but getting crashes

Posted on 2005-05-12
Last Modified: 2012-06-27
I am a newbie to assembly. In fact I am just reading my first book by Jeff Duntemann.
Unfortunately, as anyone knows who has read it, you can be halfway through without even doing any programming.
So I haven't got to the interrupts yet, but something has come up where I need some software protection for a Win32 app I have created.

I want to mess up people who are trying to run a debugger on my app. I have read that int 3 will cause breakpoints. So I want to periodically reset int 3.

I can't figure it out. Can someone please help me out here? I am using VC++ so the code would have to be something like this:
_asm{
// all assembly code here
...
}

I really appreciate anyone's help.

Chris Reid
0
Question by:cafechris
15 Comments
 
LVL 22

Expert Comment

by:grg99
ID: 13989284
You're not allowed to mess with interrupts in a Win32 App.

Most of the old assembler stuff assumes you're running in DOS, with real DOS, not in an emulated DOS box.

You'd better find an old computer and set it up with DOS.

0
 
LVL 1

Author Comment

by:cafechris
ID: 13989959
That is probably why it is crashing...
0
 
LVL 1

Author Comment

by:cafechris
ID: 13989986
well, that sucks,

If debuggers use the int3 for breakpoints, is there any way to do this within a win32 app?
0
 
LVL 9

Accepted Solution

by:
BeyondWu earned 800 total points
ID: 14008518
There are lots of tricks to cheat the debugger, e.g.
try
{
        // If this code is being debugged, the debugger will catch the int3 exception, and then the following code,
        // which is located inside the catch(...) scope, will not be run. That's the simplest trick with int3 and SEH.
        // MSVC guarantees that catch(...) receives structured exceptions such as this breakpoint only when compiled with /EHa.
        _asm  int 3
}
catch(...)
{
        //your real functional code comes here.
}
0
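The int 3 trick from the accepted answer written with MSVC structured exception handling (`__try`/`__except`), as an added example that is not part of the thread. `breakpoint_swallowed` is a hypothetical helper name, and the non-Windows branch is an assumed POSIX analogue (SIGTRAP via `raise`) that goes beyond the Win32 case discussed here so the same logic can be run elsewhere.

```c
/* Added example, not code from the thread; breakpoint_swallowed() is a
   hypothetical helper name. */
#include <stdio.h>

#ifdef _WIN32
#include <windows.h>
#include <intrin.h>

/* Returns 0 when our own handler received the breakpoint exception and
   1 when a debugger consumed it and execution simply continued. */
int breakpoint_swallowed(void)
{
    __try {
        __debugbreak();               /* emits int 3 on x86/x64 */
    }
    /* Take only the breakpoint; anything else keeps propagating. With no
       handler and no debugger the exception is unhandled and Windows
       terminates the process. */
    __except (GetExceptionCode() == EXCEPTION_BREAKPOINT
                  ? EXCEPTION_EXECUTE_HANDLER
                  : EXCEPTION_CONTINUE_SEARCH) {
        return 0;
    }
    return 1;
}
#else
#include <signal.h>

static volatile sig_atomic_t trap_seen;
static void on_trap(int sig) { (void)sig; trap_seen = 1; }

/* Assumed POSIX analogue: a breakpoint is delivered as SIGTRAP. */
int breakpoint_swallowed(void)
{
    void (*old)(int) = signal(SIGTRAP, on_trap);
    if (old == SIG_ERR)
        return -1;                    /* handler could not be installed */
    trap_seen = 0;
    raise(SIGTRAP);                   /* stands in for the int 3 instruction */
    signal(SIGTRAP, old);             /* restore the previous disposition */
    return trap_seen ? 0 : 1;
}
#endif

int main(void)
{
    printf("debugger consumed the breakpoint: %d\n", breakpoint_swallowed());
    return 0;
}
```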
 
LVL 1

Author Comment

by:cafechris
ID: 14040964
thanks
I will give it a try....

So if I placed my software protection in the catch then it would get skipped by the debugger?
What would happen under normal running conditions? Does int 3 possibly have any downfalls for normal operating conditions?
0
 
LVL 1

Author Comment

by:cafechris
ID: 14041009
Whoops, still doesn't work in Win32....

grg99 mentioned that you cannot use interrupts in win32, I am still wondering if there are any ways around this.
0
 
LVL 3

Expert Comment

by:Dancie
ID: 14051870
If you use the VC++ developing environment, the debugger will break on the int 3
with a message that it has stopped at a user placed int 3 but will let you continue with the debugging.
Now if you want to execute your program from the command line then
there are other options.
If you can get your hands on the SoftIce debugger, or something like it, this can be set to catch the int 3. It is rather complicated for a beginner to set up.
0
 
LVL 1

Author Comment

by:cafechris
ID: 14064631
>>It is rather complicated for a beginner to setup.

Sounds like it.
I can detect if the process or window is open for softIce.
I may just do this for now.

What are the main apps used for Cracking, does anyone know? I know SoftIce.
If I knew them, I could do this for all the apps.

If this question is against the rules, don't answer it. I am just curious about my options to block illegal activity with my program.

0
 
LVL 9

Expert Comment

by:BeyondWu
ID: 14068429
>>>Whoops, still doesn't work in Win32....
Post your code please, which platform? win2k or xp?

>>>I can detect if the process or window is open for softIce.
Yes, you can check the NTICE or other .sys module to check if SoftIce is running, you can also use IsDebuggerPresent to check if your app is being debugged... but you still need to encrypt those detection code snippets, otherwise they are easy to bypass using any debugger with any hex editor.

>>>What are the main apps used for Cracking, does anyone know? I know SoftIce.
There are lots of tools that can be used for cracking, ok, the most famous tool is SoftIce, it's also my favourite.
Under win9x, I also like TRW, for ring3 applications, I usually use Ollydbg, I even use VC++ sometimes.
The above mentioned are all dynamic debuggers, the most powerful static analyser is IDA! It's an awesome tool, to avoid being statically analysed, you need to add obfuscation code.....

>>>I am just curious about my options to block illegal activity with my program.
I think a hardware anti-copy dog can protect better, such as the Rainbow dog.....
0
 
LVL 4

Assisted Solution

by:furqanchandio
furqanchandio earned 200 total points
ID: 14076404
hi

try the following link

http://www.anticracking.sk/coding.html


that might safeguard your windows application
cheers
0
 
LVL 1

Author Comment

by:cafechris
ID: 14092546
Thanks guys,
I will look over it all this weekend (hopefully).
0
 
LVL 20

Assisted Solution

by:Daniel Van Der Werken
Daniel Van Der Werken earned 800 total points
ID: 14132951
Typically, you generate the Int3 by using an Assert(TRUE) or an Assert(<expression that evaluates to TRUE>).

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ddtools/hh/ddtools/DebugFns_27464f28-4c0c-493b-8c53-95e63e694fc4.xml.asp

Then, if you look at the disassembly at this point, it'll be an INT 3.
---Dan---
0
 
LVL 1

Author Comment

by:cafechris
ID: 14172194
I am sorry I have been too busy to test this out. I actually moved on to other options. I will award points as soon as I can test something.

 furqanchandio -
I really think this link was great.

Dan7el -
Haven't got to try this yet. Everything else so far has crashed my app.

BeyondWu -
I tried this and it crashed. I will do some tests on a more controlled environment.

Thanks everyone,

Chris
0
 
LVL 1

Author Comment

by:cafechris
ID: 14226778
BeyondWu -
I read Dan7el's post and it made yours make sense. I will raise and split the points for you guys.

Thanks for the help guys

raise from 250-400; BeyondWu gets 200 and Dan7el gets 200


0
 
LVL 1

Author Comment

by:cafechris
ID: 14226784
better give a bit to the great link by furqanchandio 50pts
0
