waliedassar

Prefetch Input Queue (PIQ)

Sep 15th, 2012
224
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. //This function can be used to detect whether the processor still supports PIQ (Prefetch Input Queue).
  2. //At the time all processors supported PIQ, this was used as an anti-tracing trick.
  3. #include "stdafx.h"
  4. #include "windows.h"
  5. #include "iostream.h"
  6.  
  7.  
  8. bool IsPIQSupported()
  9. {
  10.     unsigned long old;
  11.     void* addr=0;
  12.     //-----------Get EIP----------------
  13.     unsigned long result=0;
  14.     __asm
  15.     {
  16.              pushad
  17.              call here
  18. here:
  19.              pop ebx
  20.              mov addr,ebx
  21.              popad
  22.     }
  23.    
  24.     //-------------------------Allow Write Access-----------------------
  25.     VirtualProtect(addr,100,PAGE_EXECUTE_READWRITE,&old);
  26.     //-------------------------Check for support------------------------
  27.     __asm
  28.     {
  29.              pushad
  30.              XOR EAX,EAX
  31.              XOR ECX,ECX
  32.              MOV AL,0x40
  33.              MOV CL,0x6
  34.              MOV EDI,offset shit
  35.              STD
  36.              REP STOS BYTE PTR ES:[EDI]
  37.              NOP
  38.              NOP
  39.              NOP
  40. shit:
  41.              NOP
  42.              CLD
  43.              mov result,eax
  44.              popad
  45.     };
  46.     //----------------------Restore Original-----------------------
  47.     VirtualProtect(addr,100,old,&old);
  48.     if(result==0x44) return true;
  49.     return false;
  50. }
  51.  
  52.  
  53.  
  54.  
  55. int main(int argc, char* argv[])
  56. {
  57.     unsigned long old;
  58.     void* addr=0;
  59.     if(IsPIQSupported())
  60.     {
  61.         cout<<"PIQ is supported"<<endl;
  62.     }
  63.     else
  64.     {
  65.         cout<<"PIQ is not supported"<<endl;
  66.     }
  67.     return 0;
  68. }
RAW Paste Data

Adblocker detected! Please consider disabling it...

We've detected AdBlock Plus or some other adblocking software preventing Pastebin.com from fully loading.

We don't have any obnoxious sound, or popup ads, we actively block these annoying types of ads!

Please add Pastebin.com to your ad blocker whitelist or disable your adblocking software.

×