On Mon, 20 Mar 2000, Ulrich Weigand wrote:

>
> [EMAIL PROTECTED] wrote:
>
> [ Sorry for the late reply, I was off-line for two weeks ... ]
>
> Depending on just what the new %cs value is, the lcall instruction can
> in fact perform a normal inter-segment call, or else a call via a call
> gate, task gate, or to a task state segment.

Are these gates Intel's equivalent of an entry descriptor in GCOS8? :-)
>
> Depending on the privilege levels of the target segment (or gate), the
> lcall instruction might or might not be privileged.  Normal Win16 apps
> don't use any gates, and only ring-3 code segments, so under normal
> circumstances the instruction is *not* privileged.  If you get a GPF
> at this point, this is typically because the pointer containing the
> target segment/offset was corrupted ...
>
> Bye,
> Ulrich
>
Looks more like a program transfer of control by intentional fault.
That has been a popular method of obfuscation for as long as there have
been fault handlers.  Billy G and his henchmen didn't invent _anything_.

Thanks!

Lawson

Better safe than sorry, but better never safe.
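
The descriptor-type dispatch described in the quoted message, as an added example that is not part of the original thread: it models the first-stage checks a protected-mode far call makes on its target selector, which shows why a corrupted segment/offset pointer usually ends in a GPF. The function name, the enum and the sample table are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

enum lcall_outcome { LC_FAR_CALL, LC_CALL_GATE, LC_TASK_GATE, LC_TSS,
                     LC_FAULT_GP, LC_FAULT_NP };

/* Constructed sample table; only byte 5 (the access byte) of each entry is used. */
static const uint8_t sample_table[4 * 8] = {
    [1 * 8 + 5] = 0xFB,   /* present, DPL 3, nonconforming code segment */
    [2 * 8 + 5] = 0xF3,   /* present, DPL 3, data segment */
    [3 * 8 + 5] = 0xEC,   /* present, DPL 3, 32-bit call gate */
};

/* First-stage checks of a far call on its target selector. `table` is the
   descriptor table the selector's TI bit refers to; the second check on a
   gate's own target segment is not modelled. */
enum lcall_outcome lcall_check(uint16_t sel, const uint8_t *table,
                               size_t table_bytes, unsigned cpl)
{
    unsigned rpl = sel & 3u;
    size_t off = sel & 0xFFF8u;                       /* index * 8 */
    if ((sel & 0xFFFCu) == 0) return LC_FAULT_GP;     /* null selector */
    if (off + 8 > table_bytes) return LC_FAULT_GP;    /* past the table limit */

    uint8_t access = table[off + 5];                  /* P | DPL | S | type */
    unsigned present = access >> 7, dpl = (access >> 5) & 3u;
    unsigned type = access & 0xFu;

    if (access & 0x10) {                              /* S=1: code or data */
        if (!(type & 8u)) return LC_FAULT_GP;         /* data is not callable */
        if (type & 4u) {                              /* conforming code */
            if (dpl > cpl) return LC_FAULT_GP;
        } else if (dpl != cpl || rpl > cpl) {         /* nonconforming code */
            return LC_FAULT_GP;
        }
        return present ? LC_FAR_CALL : LC_FAULT_NP;
    }
    enum lcall_outcome kind;
    switch (type) {                                   /* S=0: system descriptor */
    case 0x4: case 0xC: kind = LC_CALL_GATE; break;
    case 0x5:           kind = LC_TASK_GATE; break;
    case 0x1: case 0x9: kind = LC_TSS;       break;   /* available TSS */
    default:            return LC_FAULT_GP;           /* busy TSS, LDT, other gates */
    }
    if (dpl < cpl || dpl < rpl) return LC_FAULT_GP;   /* gate/TSS DPL too low */
    return present ? kind : LC_FAULT_NP;
}
```

With the sample table, a ring-3 caller reaches the code segment and the call gate normally, while a selector that lands on the data segment or past the table limit faults.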