PIQ CONSIDERATIONS

by +Heres
hcu1
(16 September 1997)


Courtesy of Fravia's page of reverse engineering

Well, an interesting answer... we await other opinions on this: is the PIQ idea, for a tough protection, a GOOD idea, or rather an impossible path?

+HCU's special Project X: How to protect better
tough

[You should use Courier New 10 in order to view and print correctly this essay]


Ok... I have read the essay by Camel Eater about the Prefetch Instruction Queue, but
I have some doubts on his usage in protection schemes. Around three year ago I wrote
a little program for the PIQ size determination... This is the source:

; FILENAME: prefetch.asm
; AUTHOR: +Heres (1994)
; ==================================================
; TASM /m2 prefetch
; TLINK /t prefetch
;
                .MODEL TINY             ; .COM file
                .CODE
                ORG    100h
CODICE          PROC   NEAR
                mov    al,90h
                mov    bl,11
                lea    di,conto
                mov    cl,22
                rep    stosb
;
conto:          inc    bx
                inc    bx
                inc    bx
                inc    bx
                inc    bx
                inc    bx
                inc    bx
                inc    bx
                inc    bx
                inc    bx
                inc    bx
                inc    bx
                inc    bx
                inc    bx
                inc    bx
                inc    bx
                inc    bx
                inc    bx
                inc    bx
                inc    bx
                inc    bx
                inc    bx
;
                lea    dx,testo1
                mov    ah,09h
                int    21h
                cmp    bx,11
                ja     more
                inc    bx
                lea    dx,testo2
                jmp    write
more:           cmp    bx,33
                jb     normal
                dec    bx
                lea    dx,testo3
write:          int    21h
normal:         mov    ax,bx
                mov    cl,10
                div    cl
                add    ax,3030h
                mov    dx,ax
                mov    ah,02h
                int    21h
                mov    dl,dh
                mov    ah,02h
                int    21h
                lea    dx,testo4
                mov    ah,09h
                int    21h
                int    20h
testo1          db     'Your CPU seems to have $'
testo2          db     'less than $'
testo3          db     'more than $'
testo4          db     ' bytes of PIQ.', 13, 10, '$'
CODICE          ENDP
                END    CODICE

This program works only on processors before the Pentium family, because the Intel
Pentium processor updates the PIQ if the corresponding memory is changed, and not
only if a JMP, CALL, RET, etc. istruction is executed... But if you have a processor 
of the 486 family, you can check the size of his PIQ, using this little program. On
a Pentium processor the result is always "less than 12 bytes" because the PIQ is
constantly updated...

So I can not think that this protection tric is yet useful today.
+Heres, September 14th 1997
(c) +Heres 1997. All rights reversed
You are deep inside fravia's page of reverse engineering, choose your way out:

Back to Our protections
homepage links red anonymity +ORC students' essays tools cocktails
academy database antismut search_forms mail_fravia
is reverse engineering legal?