Feb 13

Nicolas Falliere: Windows Anti-Debug Reference

reverse engineering No Comments »

Windows Anti-Debug Reference
Nicolas Falliere

This paper classifies and presents several anti-debugging techniques used on Windows NT-based operating systems. Anti-debugging techniques are ways for a program to detect if it runs under control of a debugger. They are used by commercial executable protectors, packers and malicious software, to prevent or slow-down the process of reverse-engineering. We’ll suppose the program is analyzed under a ring3 debugger, such as OllyDbg on Windows platforms. The paper is aimed towards reverse-engineers and malware analysts. Note that we will talk purely about generic anti-debugging and anti-tracing techniques. Specific debugger detection, such as window or processes enumeration, registry scanning, etc. will not be addressed here.
Read the rest of this entry »

Share and Enjoy: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Netvouz
  • DZone
  • ThisNext
  • MisterWong
  • Wists
  • blogmarks
  • Fleck
  • Furl
  • Netscape
  • Reddit
  • Shadows
  • StumbleUpon
  • Technorati
WP Theme & Icons by N.Design Studio
Entries RSS Comments RSS Log in