
Question

How likely are the internal offsets in the NT data structure to change?

a. Unlikely, as IsDebuggerPresent has not changed between Windows NT 4.0 and Windows Server 2003

b. Likely, as IsDebuggerPresent has not changed between Windows NT 4.0 and Windows Server 2003

c. Unlikely, as Microsoft has not changed these data structures in the past 7 years

d. Likely, as past performance is not indicative of future results

Posted under Reverse Engineering

Answer: (a). Unlikely, as IsDebuggerPresent has not changed between Windows NT 4.0 and Windows Server 2003

Explanation: IsDebuggerPresent has not changed between Windows NT 4.0 and Windows Server 2003, which is a solid indicator that these are static data structures that are not likely to change.


Similar Questions

Discover Related MCQs

Q. What is required to incorporate assembly language code into a program?

Q. What is the SystemKernelDebuggerInformation request code used for?

Q. What is the data structure returned by the SystemKernelDebuggerInformation request?

Q. What should be checked to determine whether a kernel debugger is attached to the system using SystemKernelDebuggerInformation?

Q. What is the potential risk of detecting the presence of a kernel debugger?

Q. What is the Single-Step Interrupt used for in NuMega SoftICE?

Q. How does the program use the exception handler to detect whether SoftICE is running?

Q. What is the advantage of using the Single-Step Interrupt trick to detect SoftICE?

Q. What is the trap flag approach for detecting debuggers?

Q. What is the advantage of the trap flag approach?

Q. What is a limitation of the trap flag approach?

Q. What is the advantage of using code checksums as an antidebugging technique?

Q. How does the code checksum technique work as an antidebugging measure?

Q. What is the downside of using code checksums as an antidebugging technique?

Q. How can the use of code checksums be optimized to minimize the impact on program execution time?

Q. What is a potential consequence of modifying the program code to make it more difficult for reversers to understand the program flow?

Q. What is the strategy of confusing disassemblers as a means of preventing or inhibiting reversers?

Q. What is the difference between linear sweep and recursive traversal in disassembly?

Q. Which type of disassembler is more reliable and tolerant of antidisassembly tricks?

Q. Which of the following is NOT a potential effect of confusing disassemblers?