nikolatesla20
October 24th, 2002, 18:39
Foxthree pointed out that he no longer got the "Xhandledexception" message in his softICE logs - at least I didnt get it.
This brought to my attention that I had missed something, so I ran +Splaj's detector and lo behold it detected thru "Int 3 on Kernel32!UnhandledExceptionFilter".
I've removed the UnhandledExceptionFilter reference now, and it's clean (Still, except for int 1).
Get the fix here.
http://www.woodmann.net/forum/showthread.php?s=&threadid=4031
or Here as an attachment
My apologies to everyone who already downloaded.
Speaking of Int 1 detection, couldn't you just write a SI macro that increments the EIP to the right location before continuing...works on evaluator's modifed version of ^Daemon^'s detector. Perhaps would work reliably?
-nt20
This brought to my attention that I had missed something, so I ran +Splaj's detector and lo behold it detected thru "Int 3 on Kernel32!UnhandledExceptionFilter".
I've removed the UnhandledExceptionFilter reference now, and it's clean (Still, except for int 1).
Get the fix here.
http://www.woodmann.net/forum/showthread.php?s=&threadid=4031
or Here as an attachment
My apologies to everyone who already downloaded.
Speaking of Int 1 detection, couldn't you just write a SI macro that increments the EIP to the right location before continuing...works on evaluator's modifed version of ^Daemon^'s detector. Perhaps would work reliably?
-nt20
same problem with 4.2.6 and your 4.2.6 patch...in unpatched mode there is no problem. I guess it is related to NTICE.SYS, thanks