PIQ CONSIDERATIONS
by +Heres
(16 September 1997)
Courtesy of Fravia's page of reverse engineering
Well, an interesting answer... we await other opinions on this: is the PIQ idea, for a tough protection, a GOOD idea, or rather an impossible path?
+HCU's special Project X: How to protect better
[You should use Courier New 10 in order to view and print correctly this essay]
Ok... I have read the essay by Camel Eater about the Prefetch Instruction Queue, but
I have some doubts about its usage in protection schemes. Around three years ago I wrote
a little program for the PIQ size determination... This is the source:
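; FILENAME: prefetch.asm
; AUTHOR: +Heres (1994)
; ==================================================
; TASM /m2 prefetch
; TLINK /t prefetch
;
        .MODEL TINY             ; .COM file
        .CODE
        ORG 100h
CODICE  PROC NEAR
        mov al,90h              ; AL = opcode of NOP
        mov bl,11               ; counter start (low byte only: the CMP BX tests assume BH = 0)
        lea di,conto            ; ES:DI -> first INC BX (ES = CS in a .COM file)
        mov cl,22               ; 22 bytes to patch (REP counts in CX, so CH must be 0)
        rep stosb               ; overwrite the 22 INC BX below with NOP
;
conto:  inc bx                  ; 22 one-byte INC BX: only the copies already
        inc bx                  ; sitting in the PIQ are still executed, the
        inc bx                  ; rest are fetched from memory as NOP
        inc bx
        inc bx
        inc bx
        inc bx
        inc bx
        inc bx
        inc bx
        inc bx
        inc bx
        inc bx
        inc bx
        inc bx
        inc bx
        inc bx
        inc bx
        inc bx
        inc bx
        inc bx
        inc bx
;
        lea dx,testo1
        mov ah,09h              ; DOS: print '$'-terminated string
        int 21h
        cmp bx,11               ; no INC BX executed at all?
        ja more
        inc bx                  ; yes: report "less than 12"
        lea dx,testo2
        jmp write
more:   cmp bx,33               ; all 22 INC BX executed?
        jb normal
        dec bx                  ; yes: report "more than 32"
        lea dx,testo3
write:  int 21h                 ; AH = 09h left over from the call above
normal: mov ax,bx
        mov cl,10
        div cl                  ; AL = tens, AH = units
        add ax,3030h            ; convert both digits to ASCII
        mov dx,ax
        mov ah,02h              ; DOS: print character in DL (tens digit)
        int 21h
        mov dl,dh               ; units digit
        mov ah,02h
        int 21h
        lea dx,testo4
        mov ah,09h
        int 21h
        int 20h                 ; terminate the program
testo1  db 'Your CPU seems to have $'
testo2  db 'less than $'
testo3  db 'more than $'
testo4  db ' bytes of PIQ.', 13, 10, '$'
CODICE  ENDP
        END CODICE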
This program works only on processors before the Pentium family, because the Intel
Pentium processor updates the PIQ if the corresponding memory is changed, and not
only if a JMP, CALL, RET, etc. instruction is executed... But if you have a processor
of the 486 family, you can check the size of its PIQ using this little program. On
a Pentium processor the result is always "less than 12 bytes" because the PIQ is
constantly updated...
So I do not think that this protection trick is still useful today.
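The effect described above can be reproduced with a toy model of the queue. This is an added illustration, not part of +Heres's program: it counts how many overwritten INC BX still execute when writes leave the queue untouched and when they refresh it. The queue sizes passed in, the single-step REP STOSB, the HLT end marker and the rule that the prefetcher tops up before the store lands are modelling assumptions.

```python
# Toy model (constructed for illustration) of the core of prefetch.asm:
# REP STOSB overwrites 22 INC BX with NOP while some of them may already
# be sitting in the prefetch queue.
INC_BX, NOP, HLT = 0x43, 0x90, 0xF4
N_INCS = 22   # prefetch.asm patches 22 one-byte INC BX
CONTO = 2     # offset of the first INC BX in this model's memory

def stale_incs(queue_size, snoops_writes):
    """Return how many INC BX execute although memory already holds NOP."""
    mem = [0xF3, 0xAA] + [INC_BX] * N_INCS + [HLT]  # REP STOSB, conto:, end marker
    queue = []      # (address, byte) copies the prefetcher has already read
    fetch_ptr = 0   # next address the prefetcher will read
    executed = 0

    def refill():
        nonlocal fetch_ptr
        while len(queue) < queue_size and fetch_ptr < len(mem):
            queue.append((fetch_ptr, mem[fetch_ptr]))
            fetch_ptr += 1

    def next_byte():
        refill()
        return queue.pop(0)[1]

    while True:
        op = next_byte()
        if op == 0xF3:                  # REP STOSB (F3 AA)
            next_byte()                 # consume the AA byte
            refill()                    # assumption: queue is full before the store
            mem[CONTO:CONTO + N_INCS] = [NOP] * N_INCS
            if snoops_writes:           # Pentium-style: queued copies follow memory
                queue[:] = [(a, mem[a]) for a, _ in queue]
        elif op == INC_BX:
            executed += 1
        elif op == HLT:
            return executed             # NOP bytes fall through and do nothing

if __name__ == "__main__":
    for size in (4, 16, 32):
        print(size, stale_incs(size, False), stale_incs(size, True))
```

With write snooping the count is always 0, so BX would stay at its starting value of 11 and the program takes its "less than 12" branch whatever the real queue size is.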
+Heres, September 14th 1997
(c) +Heres 1997. All rights reversed