NT ALL v0.6 Beta

FrogIce clone for NT/2K

My proggy won't give you the proccess or name of the prog which tries to detect NTice...but who care, you should know what process your reversing :)

Tricks Detected:
->BCHK
->Magic values in SI et DI
->Int 41h
->Meltice
->Suspicious Int01 instruction
Tricks detected are displayed in NTIce

Protection:
UnhandledExceptionFilter should be protected now....But NTALL won't display any EIP even if a prog try to check the first Byte of the UnhandledExceptionFilter fct.

Newz:
New kind of protection for UnhandledExceptionFilter
A new command to patch NTIce in memory...It'll patch the handlers of int 03, int 041 and some others byte to remove the potential int03 put on the first byte of UnhandledExceptionFilter


To be done:
Protection of the IDT
Protection of the registry
Hard patching of files
Code optimisation :)

Bugs known:


Pulsar 25-2-2000
UIN: 13411849	Mail: Pulsar_c@geocities.com

PS:
Parts of my code are directly ripped from code made by EliCZ, Frog's Print or Spath
Thank you guys!!

