From 9b9586b559edb387af804c52d2b593b711ce98be Mon Sep 17 00:00:00 2001 From: FreeArtMan Date: Thu, 27 May 2021 09:01:12 +0100 Subject: Updated 6 more articles from html to md --- md/writeup/linux_antidebug_5.md | 56 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) create mode 100644 md/writeup/linux_antidebug_5.md (limited to 'md/writeup/linux_antidebug_5.md') diff --git a/md/writeup/linux_antidebug_5.md b/md/writeup/linux_antidebug_5.md new file mode 100644 index 0000000..fc71e6e --- /dev/null +++ b/md/writeup/linux_antidebug_5.md @@ -0,0 +1,56 @@ +title:Linux antidebug 5 +keywords:math,statistics + +# Linux antidebug 5 + +Content: When debugging program line by line or when running it +in some debugger then there can be some time delays when you +pressing buttons. We can measure them with asm command + +```asm +rdtsc +``` + +this instruction read time-stamp counter into edx:eax in our +program will be enough values from +eax + +function for c that uses rdtsc is + +```c +extern int get_timer() +``` + +in fasm it looks like + +```asm +get_timer: + rdtsc + ret +``` + +there is written code + +```c +s = get_timer(); +for (i=0;i<10000;i++) +{ +} +e = get_timer(); +d = e - s; +``` + +average time to execute 10000 is 70069 ticks for value +on with we detecting how fast working code i have choose +twice of average 120000 if execution time is larger then +probably it is debuged. + +## Compile +``` +make +``` + +## Download + +http://archive.main.lv/files/writeup/linux_antidebug_5/antidebug5.zip + -- cgit v1.2.3