From Collaborative RCE Knowledge Library

Jump to: navigation, search

Windows Anti Reversing Techniques


Item name: Anti-Anti Dump and Nonintrusive Tracers
Rating: 0.0 (0 votes)
Author: deroko                        
Home URL: http://www.accessroot.com/
Last updated:
Version (if appl.):
Direct D/L link: http://185.62.190.110/accessroot/arteam/site/download.php?view.10
Description: "A novel method to manage new anti-dump buffer-based protections used by latest protectors as AsProtect SKE, Armadillo etc (sources included)"
Also listed in: Windows Anti Reversing Articles, Windows Internals Articles, Windows Unpacking Articles
More details: Click here for more details, images, related URLs & comments for this item! (or to update its entry)



Item name: Anti-debugging trick: ZwSetInformationThread with ThreadHideFromDebugger
Rating: 0.0 (0 votes)
Author: jstorme                        
Home URL: http://www.woodmann.com/forum/showthread.php?t=13438
Last updated: February 23, 2010
Version (if appl.):
Direct D/L link: N/A
Description: The function ZwSetInformationThread can be used with the ThreadHideFromDebugger parameter to prevent any attached debuggers of a thread to receive any exceptions from it.
Also listed in: Windows Anti Reversing Tidbits
More details: Click here for more details, images, related URLs & comments for this item! (or to update its entry)



Item name: The "Ultimate" anti debugging reference
Rating: 0.0 (0 votes)
Author: Peter Ferrie                        
Home URL: http://pferrie.host22.com
Last updated: 2004
Version (if appl.):
Direct D/L link: http://pferrie.host22.com/papers/antidebug.pdf
Description: A debugger is probably the most commonly-used tool when reverse-engineering (a disassembler tool such as the Interactive DisAssembler (IDA) being the next most common). As a result, anti-debugging tricks are probably the most common feature of code intended to interfere with reverse-engineering (and anti- disassembly constructs being the next most common). These tricks can simply detect the presence of the debugger, disable the debugger, escape from the control of the debugger, or even exploit a vulnerability in the debugger. The presence of a debugger can be inferred indirectly, or a specific debugger can be detected. Disabling or escaping from the control of the debugger can be achieved in both generic and specific ways.

What follows is a selection of the known techniques used to detect the presence of a debugger, and in some cases, the defences against them.
Also listed in: Windows Anti Reversing Articles, Windows Protection Technique Articles
More details: Click here for more details, images, related URLs & comments for this item! (or to update its entry)




RSS feed Feed containing all updates and additions for this category.

RSS feed Feed containing all updates and additions for this category, including sub-categories.


Subcategories

There are 4 subcategories to this category.




No items can be added directly to this category, please rather select one of its sub-categories above to submit an item!

Views