From Collaborative RCE Knowledge Library


Windows Anti Reversing Articles


Item name: Anti-Anti Dump and Nonintrusive Tracers
Rating: 0.0 (0 votes)
Author: deroko                        
Home URL: http://www.accessroot.com/
Last updated:
Version (if appl.):
Direct D/L link: http://185.62.190.110/accessroot/arteam/site/download.php?view.10
Description: "A novel method to manage new anti-dump buffer-based protections used by latest protectors as AsProtect SKE, Armadillo etc (sources included)"
Also listed in: Windows Internals Articles, Windows Unpacking Articles



Item name: The "Ultimate" anti debugging reference
Rating: 0.0 (0 votes)
Author: Peter Ferrie                        
Home URL: http://pferrie.host22.com
Last updated: 2004
Version (if appl.):
Direct D/L link: http://pferrie.host22.com/papers/antidebug.pdf
Description: A debugger is probably the most commonly-used tool when reverse-engineering (a disassembler tool such as the Interactive DisAssembler (IDA) being the next most common). As a result, anti-debugging tricks are probably the most common feature of code intended to interfere with reverse-engineering (and anti-disassembly constructs being the next most common). These tricks can simply detect the presence of the debugger, disable the debugger, escape from the control of the debugger, or even exploit a vulnerability in the debugger. The presence of a debugger can be inferred indirectly, or a specific debugger can be detected. Disabling or escaping from the control of the debugger can be achieved in both generic and specific ways.

What follows is a selection of the known techniques used to detect the presence of a debugger, and in some cases, the defences against them.
Also listed in: Windows Protection Technique Articles



