PIQ CONSIDERATIONS

by +Heres
hcu1
(16 September 1997)


Courtesy of Fravia's page of reverse engineering

Well, an interesting answer... we await other opinions on this: is the PIQ idea, for a tough protection, a GOOD idea, or rather an impossible path?

+HCU's special Project X: How to protect better (tough)

Ok... I have read the essay by Camel Eater about the Prefetch Instruction Queue, but
I have some doubts about its usage in protection schemes. Around three years ago I wrote
a little program to determine the PIQ size... This is the source:



; FILENAME: prefetch.asm
; AUTHOR: +Heres (1994)
; ==================================================
; TASM /m2 prefetch
; TLINK /t prefetch
;
; Idea: 22 one-byte INC BX instructions follow the REP STOSB that
; overwrites them in memory with NOPs (90h). Bytes already sitting in
; the prefetch queue still execute as INC BX; bytes fetched after the
; write execute as NOP. The final BX therefore tells how many bytes
; the CPU had prefetched.
;
                .MODEL TINY             ; .COM file
                .CODE
                ORG    100h
CODICE          PROC   NEAR
                mov    al,90h           ; byte to store: NOP opcode
                mov    bl,11            ; counter start (assumes BH = 0 at entry)
                lea    di,conto         ; ES:DI -> first INC BX (ES = CS in a .COM)
                mov    cl,22            ; 22 bytes to overwrite (assumes CH = 0, DF clear)
                rep    stosb            ; patch the 22 INC BX with NOPs
;
conto:          inc    bx               ; 22 x 43h, one byte each
                inc    bx
                inc    bx
                inc    bx
                inc    bx
                inc    bx
                inc    bx
                inc    bx
                inc    bx
                inc    bx
                inc    bx
                inc    bx
                inc    bx
                inc    bx
                inc    bx
                inc    bx
                inc    bx
                inc    bx
                inc    bx
                inc    bx
                inc    bx
                inc    bx
;
                lea    dx,testo1        ; 'Your CPU seems to have '
                mov    ah,09h
                int    21h
                cmp    bx,11
                ja     more             ; at least one INC BX survived
                inc    bx               ; none survived: report 'less than 12'
                lea    dx,testo2
                jmp    write
more:           cmp    bx,33
                jb     normal           ; 12..32: print BX itself
                dec    bx               ; all 22 survived: report 'more than 32'
                lea    dx,testo3
write:          int    21h              ; AH is still 09h: print the prefix
normal:         mov    ax,bx
                mov    cl,10
                div    cl               ; AL = tens, AH = units
                add    ax,3030h         ; both to ASCII digits
                mov    dx,ax
                mov    ah,02h
                int    21h              ; print tens digit (DL)
                mov    dl,dh
                mov    ah,02h
                int    21h              ; print units digit
                lea    dx,testo4
                mov    ah,09h
                int    21h              ; ' bytes of PIQ.'
                int    20h              ; back to DOS
testo1          db     'Your CPU seems to have $'
testo2          db     'less than $'
testo3          db     'more than $'
testo4          db     ' bytes of PIQ.', 13, 10, '$'
CODICE          ENDP
                END    CODICE



This program works only on processors before the Pentium family, because the Intel
Pentium processor updates the PIQ when the corresponding memory is changed, and not
only when a JMP, CALL, RET, etc. instruction is executed... But if you have a processor
of the 486 family, you can check the size of its PIQ using this little program. On
a Pentium processor the result is always "less than 12 bytes" because the PIQ is
constantly updated...

So I cannot think that this protection trick is still useful today.
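As an added illustration (an editor's model, not +Heres's program and not Camel Eater's code), the C program below models what prefetch.asm measures. It reuses the program's own constants (22 one-byte INC BX, BX starting at 11) and reproduces its three-way message, but the queue size and the fetch policy are inputs: the queue sizes listed in main are assumptions chosen for the demonstration, not measurements. FETCH_STALE is the pre-Pentium behaviour, FETCH_COHERENT is the Pentium behaviour described above, and FETCH_TRACED models a single-stepped run, where the trap taken after every instruction flushes the queue before the patched bytes execute. That last case is what made the stale bytes usable as a tracer check in the first place, and the model shows why both a coherent CPU and a traced run come out as "less than 12": a Pentium looks like a debugger to this trick.

```c
/* piq_model.c - added illustration, not +Heres's code.
 * Idealised model of what prefetch.asm measures: how many of the 22 INC BX
 * bytes at 'conto' are still executed from a stale prefetch queue after
 * REP STOSB has overwritten them in memory with NOPs.
 * Build: cc -std=c99 -Wall piq_model.c -o piq_model
 */
#include <stdio.h>
#include <string.h>

#define OP_INC_BX  0x43   /* one-byte INC BX, the 22 counters at 'conto' */
#define OP_NOP     0x90   /* the byte REP STOSB stores over them */
#define COUNTERS   22     /* number of INC BX in the program */
#define BX_START   11     /* 'mov bl,11' in the program */
#define QUEUE_MAX  64     /* model limit only, larger than any real PIQ */

/* How the modelled CPU treats bytes that were prefetched before the write. */
typedef enum {
    FETCH_STALE,     /* pre-Pentium: queued bytes are never re-read */
    FETCH_COHERENT,  /* Pentium: a write to queued code refreshes the queue */
    FETCH_TRACED     /* single-stepped: the trap after each instruction
                        flushes the queue, so nothing stale survives */
} fetch_mode;

/* Returns the final BX, exactly the number prefetch.asm goes on to print.
 * Assumption of the model: the queue holds the first queue_bytes bytes of
 * 'conto' when REP STOSB begins and is not refilled while the REP runs. */
int simulate_piq(int queue_bytes, fetch_mode mode)
{
    unsigned char code[COUNTERS];    /* the 22 bytes at 'conto' in memory */
    unsigned char queue[QUEUE_MAX];  /* what the CPU has already fetched */
    int queued, i, bx = BX_START;

    memset(code, OP_INC_BX, sizeof code);
    if (queue_bytes < 0) queue_bytes = 0;
    if (queue_bytes > QUEUE_MAX) queue_bytes = QUEUE_MAX;

    /* Prefetch: copy the leading bytes of 'conto' into the queue. */
    queued = queue_bytes < COUNTERS ? queue_bytes : COUNTERS;
    memcpy(queue, code, (size_t)queued);

    /* REP STOSB: the 22 bytes in memory become NOPs. */
    memset(code, OP_NOP, sizeof code);
    if (mode == FETCH_COHERENT)
        memset(queue, OP_NOP, (size_t)queued);   /* queue follows memory */
    else if (mode == FETCH_TRACED)
        queued = 0;                              /* queue flushed by the trap */

    /* Execute 'conto': queued bytes first, then bytes fetched from memory. */
    for (i = 0; i < COUNTERS; i++) {
        unsigned char op = i < queued ? queue[i] : code[i];
        if (op == OP_INC_BX)
            bx++;
    }
    return bx;
}

/* The three-way message prefetch.asm prints for a given final BX.
 * Returns a static buffer; fine for this single-threaded demo. */
const char *piq_message(int bx)
{
    static char buf[48];
    if (bx <= BX_START)
        snprintf(buf, sizeof buf, "less than %d bytes of PIQ.", bx + 1);
    else if (bx >= BX_START + COUNTERS)
        snprintf(buf, sizeof buf, "more than %d bytes of PIQ.", bx - 1);
    else
        snprintf(buf, sizeof buf, "%d bytes of PIQ.", bx);
    return buf;
}

int main(void)
{
    /* Queue sizes below are inputs chosen for the demo, not measured values. */
    static const struct { const char *name; int queue; fetch_mode mode; } cases[] = {
        { "16-byte queue, stale fetch",          16, FETCH_STALE },
        { "32-byte queue, stale fetch",          32, FETCH_STALE },
        { "32-byte queue, coherent (Pentium)",   32, FETCH_COHERENT },
        { "32-byte queue, single-stepped",       32, FETCH_TRACED },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        int bx = simulate_piq(cases[i].queue, cases[i].mode);
        printf("%-36s BX=%2d -> Your CPU seems to have %s\n",
               cases[i].name, bx, piq_message(bx));
    }
    return 0;
}
```

The model is deliberately idealised: on real silicon the queue fills opportunistically and alignment of `conto` relative to the fetch lines can change the count, which is why the program itself only says the CPU "seems to have" a given size.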

+Heres, September 14th 1997
(c) +Heres 1997. All rights reversed