Linux antidebug 5

When a program is stepped line by line or run under a debugger, there are time delays while you press keys. We can measure them with the asm instruction

rdtsc

This instruction reads the time-stamp counter into edx:eax. For our program the value in eax is enough.

The C declaration of the function that uses rdtsc is

extern int get_timer();

In fasm it looks like

get_timer:
    rdtsc
    ret

The timing check is written as

s = get_timer();              /* ticks before the loop */
for (i = 0; i < 10000; i++)
{
}
e = get_timer();              /* ticks after the loop */
d = e - s;                    /* elapsed ticks */

The average time to execute the 10000 iterations is 70069 ticks. As the value for detecting how fast the code runs I chose twice the average, 120000. If the execution time is larger, the program is probably being debugged.
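The same measurement as an added example (not the code from the archive below), written with GCC/Clang inline asm instead of the fasm routine. The names tsc_low, tick_delta, time_loop and count_slow are assumptions of this example; it uses unsigned arithmetic so the delta survives a wrap of eax, and it counts slow runs over several samples because a single slow run can also come from an interrupt or a context switch. The 120000 threshold is the one from the text and is machine-specific.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define THRESHOLD 120000u   /* threshold value taken from the text */

/* Low 32 bits of the time-stamp counter, i.e. eax after rdtsc. */
static uint32_t tsc_low(void) {
#if defined(__x86_64__) || defined(__i386__)
    uint32_t lo, hi;
    __asm__ volatile("rdtsc" : "=a"(lo), "=d"(hi));
    (void)hi;               /* high half is not needed for short intervals */
    return lo;
#else
    return 0;               /* no rdtsc on this CPU: deltas are always 0 */
#endif
}

/* Unsigned subtraction is defined modulo 2^32, so the delta is still right
   when eax wraps between the two reads. With int, e - s can overflow,
   which is undefined behaviour in C. */
uint32_t tick_delta(uint32_t start, uint32_t end) {
    return end - start;
}

/* One timed run of the 10000-iteration loop; volatile keeps the
   optimizer from deleting the empty loop. */
uint32_t time_loop(void) {
    uint32_t s = tsc_low();
    for (volatile int i = 0; i < 10000; i++) { }
    return tick_delta(s, tsc_low());
}

/* How many of the n deltas exceed the threshold. */
size_t count_slow(const uint32_t *d, size_t n, uint32_t threshold) {
    size_t slow = 0;
    for (size_t i = 0; i < n; i++)
        if (d[i] > threshold) slow++;
    return slow;
}

int main(void) {
    uint32_t d[8];
    for (size_t i = 0; i < 8; i++) d[i] = time_loop();
    printf("%zu of 8 runs above %u ticks\n", count_slow(d, 8, THRESHOLD), THRESHOLD);
    return 0;
}
```

Because the volatile loop counter changes how long the loop takes, the threshold has to be measured again on the target machine before the count means anything.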

Compile

make

Download

http://archive.main.lv/files/writeup/linux_antidebug_5/antidebug5.zip