From Collaborative RCE Knowledge Library

Windows Protection Technique Articles

Item name: The "Ultimate" anti debugging reference
Author: Peter Ferrie
Home URL:
Last updated: 2004
Version (if appl.):
Direct D/L link:
Description: A debugger is probably the most commonly-used tool when reverse-engineering (a disassembler tool such as the Interactive DisAssembler (IDA) being the next most common). As a result, anti-debugging tricks are probably the most common feature of code intended to interfere with reverse-engineering (and anti-disassembly constructs being the next most common). These tricks can simply detect the presence of the debugger, disable the debugger, escape from the control of the debugger, or even exploit a vulnerability in the debugger. The presence of a debugger can be inferred indirectly, or a specific debugger can be detected. Disabling or escaping from the control of the debugger can be achieved in both generic and specific ways.

What follows is a selection of the known techniques used to detect the presence of a debugger, and in some cases, the defences against them.
Also listed in: Windows Anti Reversing Articles