It's been quite a while since I last analyzed malware, so I decided to refresh my knowledge and write a short post on common x86 malware anti-debugging techniques.

Please note: this is not a complete set of techniques, and rather "shortcuts" than a guide. The techniques here do not include obfuscation such as false branches, spaghetti code etc.; they are an extract of popular ways to kick a debugger's ass. If you'd like to read about them in more detail, I've provided links to some great anti-debugging materials at the end of the post. Feel free to contact me to extend the list with techniques not described here and/or to correct the ones already described!

Before we start, a little refresher on breakpoints (OllyDbg is taken as the example, although this holds for most debuggers):

- hardware breakpoints - the processor provides four address registers, DR0…DR3, armed and configured through DR7 (DR6 reports which one fired). When execution, or a memory access, hits an address in an armed register, the CPU raises interrupt 1 (the #DB debug exception) and the OS delivers it to the debugger. No code byte is modified, so they cannot be found by scanning the code image; the register contents are, however, visible through the thread context.
- software breakpoints - the debugger overwrites the first byte of the original instruction with 0xCC (INT3). Executing it raises interrupt 3 (#BP), which the OS hands to the debugger as a breakpoint exception; the debugger restores the original byte, rewinds EIP and continues. Because the code image is modified, the planted byte can be found by scanning for 0xCC or by checksumming the code.
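To make the two breakpoint types concrete from the anti-debugging side, here is an added example (not code from the original post): a small C program that detects a software breakpoint in a code region by counting 0xCC bytes and by comparing a checksum, and decodes which of DR0…DR3 are armed from a DR7 value. The six-byte code sequence and the DR7 values are constructed for the example; on Windows the real DR7 would come from GetThreadContext with CONTEXT_DEBUG_REGISTERS, which is deliberately not called here so the program runs offline on any platform.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not part of the original post.
 * Software breakpoint: the debugger plants 0xCC (INT3) into the code, so
 * scan for it or checksum the region.
 * Hardware breakpoint: DR0..DR3 must be armed via the L/G bits of DR7,
 * so decode DR7 (bits 0/1 = L0/G0, 2/3 = L1/G1, 4/5 = L2/G2, 6/7 = L3/G3). */

#define INT3_OPCODE 0xCC

/* Constructed sample: "mov eax, 1 ; ret" as x86 bytes. */
static const uint8_t CLEAN_CODE[] = { 0xB8, 0x01, 0x00, 0x00, 0x00, 0xC3 };
/* Same sequence after a debugger set a software breakpoint on the mov. */
static const uint8_t PATCHED_CODE[] = { 0xCC, 0x01, 0x00, 0x00, 0x00, 0xC3 };

/* Count 0xCC bytes in a code region.
 * Caveat: 0xCC can legitimately occur inside an instruction (e.g. as an
 * immediate) or as compiler padding, so this is a heuristic; the checksum
 * below is the more robust check. */
size_t count_int3(const uint8_t *code, size_t len)
{
    size_t n = 0;
    for (size_t i = 0; i < len; i++)
        if (code[i] == INT3_OPCODE)
            n++;
    return n;
}

/* Rotate-xor checksum of a code region; any planted byte changes it. */
uint32_t code_checksum(const uint8_t *code, size_t len)
{
    uint32_t sum = 0;
    for (size_t i = 0; i < len; i++)
        sum = ((sum << 5) | (sum >> 27)) ^ code[i];
    return sum;
}

/* 1 if the region no longer matches the checksum computed from clean code. */
int code_tampered(const uint8_t *code, size_t len, uint32_t expected)
{
    return code_checksum(code, len) != expected;
}

/* Bitmask with bit i set when DRi is armed (local or global enable in DR7). */
unsigned armed_debug_registers(uint32_t dr7)
{
    unsigned mask = 0;
    for (unsigned i = 0; i < 4; i++)
        if (dr7 & (3u << (2 * i)))   /* Li or Gi bit set */
            mask |= 1u << i;
    return mask;
}

int main(void)
{
    /* In a real binary the expected checksum would be computed at build
     * time over the protected function; here it is taken from CLEAN_CODE. */
    uint32_t expected = code_checksum(CLEAN_CODE, sizeof CLEAN_CODE);

    printf("clean:   %zu x INT3, tampered=%d\n",
           count_int3(CLEAN_CODE, sizeof CLEAN_CODE),
           code_tampered(CLEAN_CODE, sizeof CLEAN_CODE, expected));
    printf("patched: %zu x INT3, tampered=%d\n",
           count_int3(PATCHED_CODE, sizeof PATCHED_CODE),
           code_tampered(PATCHED_CODE, sizeof PATCHED_CODE, expected));

    /* Constructed DR7 values: nothing armed, DR0 armed locally,
     * DR0 and DR1 armed globally. */
    uint32_t samples[] = { 0x00000000u, 0x00000001u, 0x0000000Au };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("DR7=0x%08X -> armed mask 0x%X\n",
               samples[i], armed_debug_registers(samples[i]));
    return 0;
}
```

The checksum check is the one malware actually relies on: a single planted 0xCC always changes it, whereas a raw 0xCC scan can false-positive on immediates and padding. Reading DR7 is OS-specific, so in practice the mask function would be fed the DR7 field of a CONTEXT retrieved with GetThreadContext.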