ARTeam: xTracer 1.0,xtracer是TLB内存跟踪器。它尝试使用英特尔体系结构中可用的拆分TLB来定位跟踪进程的代码段中的第一个中断。该代码可以方便地定位跟踪过程的OEP。目前只报告了第一次中断，但您可以修改代码来处理更多中断，因为如果您使用实际控制驱动程序的ring3程序，这根本不是问题。无论跟踪哪种保护，您都可能期望得到非常好和快速的结果。定位OEP所需的时间等于在没有调试器或任何跟踪器的情况下执行保护层所需的时间。

(xtracer is TLB memory tracer. It tries to locate first break in code section of traced process using split TLB which is available in intel architecture.
This code can be used to locate OEP of traced process easily. Currently only 1st break is reported, but you may modify code to handle more breaks as that's not a problem at all if you go trough ring3 program which actually controls driver. You may expect to get very good and fast results no matter which protection you are tracing. Time needed to locate OEP is equal to the time needed to execute protection layer without debugger, nor any tracer.)

1622366979909.rar

2021-5-30 17:29 上传

文件大小: 558 KB
下载次数: 0

ARTeam: xTracer 1.0,xtracer是TLB内存跟踪器。它尝试使用英特尔体系结构中可用的拆分TLB来定位跟踪进程的代码段中的第一个中断。该代码可以方便地定位跟踪过程的OEP。目前只报告了第一次中断，但您可以修改代码来处理更多中断，因为如果您使用实际控制驱动程序的ring3程序，这根本不是问题。无论跟踪哪种保护，您都可能期望得到非常好和快速的结果。定位OEP所需的时间等于在没有调试器或任何跟踪器的情况下执行保护层所需的时间。

(xtracer is TLB memory tracer. It tries to locate first break in code section of traced process using split TLB which is available in intel architecture.
This code can be used to locate OEP of traced process easily. Currently only 1st break is reported, but you may modify code to handle more breaks as that's not a problem at all if you go trough ring3 program which actually controls driver. You may expect to get very good and fast results no matter which protection you are tracing. Time needed to locate OEP is equal to the time needed to execute protection layer without debugger, nor any tracer.)

1622366979909.rar

2021-5-30 17:29 上传

文件大小: 558 KB
下载次数: 0