Comments on waliedassar: Debuggers Anti-Attaching Techniques - Part 5

2012-10-23T16:39:07.818-07:00

Yes, every single process has its own Process Environment Block (PEB). You can't read the PEB of another process unless you use the "ReadProcessMemory" function, which reads across process boundaries (provided that you have the required privileges).

The reason why OllyDbg does not show it is because OllyDbg uses the "EnumProcesses", "OpenProcess", "EnumProcessModules", "GetModuleFileNameExA" function sequence (see screenshot no. 1).
EnumProcessModules and GetModuleFileNameExA wrap up calls to the "ReadProcessMemory" function.
For more info, read this:
http://waleedassar.blogspot.com/2012/03/getmodulefilenameex-and-infinite-loops.html

walied

2012-10-23T06:44:47.402-07:00

Hello, thank you for your articles, I really like to read them. :)

But now I have a question:

Is the PEB_LDR_DATA structure a global structure that all processes have access to?

I don't understand why Olly can't show me the process name if I click on attach. I mean, I call these assembler instructions in a virtual address space.
I know only that every process has its own process environment block.

Bass

2011-12-28T01:39:43.956-08:00

I have just uploaded it to code.google.com.

You can find it here:

http://ollytlscatch.googlecode.com/files/attachTome.exe

Btw, the link is okay.

walied

2011-12-28T01:29:29.730-08:00

First, thanks for your great post.

But the link to the demo is dead. Please re-upload it. Thank you very much.

-rickbVnSpl0it