A forum for reverse engineering, OS internals and malware analysis 

Discussion on reverse-engineering and debugging.
 #9014  by newgre
 Fri Oct 07, 2011 11:25 am
Hi,

I encountered a weird code sequence which presumably was copy and pasted from a driver:
pushad
xor eax, ebx
sub ebx, ecx
add ecx, 0x989898
sub ecx, eax
xor ebx, 0x87
popad
I googled it and it seemed to be part of some Chinese driver. Does anyone have an explanation what the purpose of this code is?
I don't see any purpose in it since all effects are reverted by the popad anyway. Why would someone add this code to the DriverEntry?
 #9023  by EP_X0FF
 Fri Oct 07, 2011 3:23 pm
Some sort of signature maybe for debugging purposes. Don't ask why, it's Chinese code and they love all kinds of perversions in drivers :)
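The sequence from the first post, run through a small register-level emulation (an added example, not code from the thread or from the driver; the register values are constructed and only ZF is modelled out of EFLAGS). It shows that PUSHAD/POPAD restores all eight general-purpose registers, while POPAD leaves EFLAGS as the last arithmetic instruction set them.

```python
MASK = 0xFFFFFFFF
# PUSHAD push order; POPAD pops in reverse and discards the saved ESP slot.
ORDER = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]

def run_sequence(regs):
    """Emulate the posted sequence; return (final_regs, final_zf, stack_balanced)."""
    r = dict(regs)
    stack = []
    zf = None

    # pushad: the ESP value saved is the one from before the first push
    esp0 = r["esp"]
    for name in ORDER:
        stack.append(esp0 if name == "esp" else r[name])
    r["esp"] = (esp0 - 32) & MASK

    def alu(dst, value):
        # xor/sub/add all write ZF from their 32-bit result
        nonlocal zf
        r[dst] = value & MASK
        zf = int(r[dst] == 0)

    alu("eax", r["eax"] ^ r["ebx"])    # xor eax, ebx
    alu("ebx", r["ebx"] - r["ecx"])    # sub ebx, ecx
    alu("ecx", r["ecx"] + 0x989898)    # add ecx, 0x989898
    alu("ecx", r["ecx"] - r["eax"])    # sub ecx, eax
    alu("ebx", r["ebx"] ^ 0x87)        # xor ebx, 0x87

    # popad: EDI, ESI, EBP, (skip ESP), EBX, EDX, ECX, EAX; flags untouched
    for name in reversed(ORDER):
        value = stack.pop()
        if name != "esp":
            r[name] = value
    r["esp"] = (r["esp"] + 32) & MASK
    return r, zf, not stack

def changed_registers(regs):
    """Names of general-purpose registers whose value differs after the sequence."""
    final, _, _ = run_sequence(regs)
    return [n for n in ORDER if final[n] != regs[n]]

# Constructed sample register state (not taken from any real driver).
SAMPLE = {"eax": 0x11111111, "ecx": 0, "edx": 0x22222222, "ebx": 0x87,
          "esp": 0x0012FF00, "ebp": 0x0012FF40, "esi": 5, "edi": 6}

if __name__ == "__main__":
    print("changed registers:", changed_registers(SAMPLE))
    print("ZF after sequence:", run_sequence(SAMPLE)[1])
```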