API BASED ANTI-DEBUGGING
A. IsDebuggerPresent
B. CheckRemoteDebuggerPresent
C. OutputDebugString
D. FindWindow
E. Registry Key
F. NtQueryInformationProcess (ProcessDebugPort)
H. NtSetInformationThread Debugger Detaching
I. Self Debugging with DebugActiveProcess
J. NtQueryInformationProcess (ProcessDebugObjectHandle)
K. OllyDbg OutputDebugString() Format String
L. SeDebugPrivilege OpenProcess
M. OllyDbg OpenProcess String Detection
N. OllyDbg Filename Format String
DIRECT PROCESS AND THREAD BLOCK DETECTIONS
A. IsDebuggerPresent Direct PEB
B. IsDebuggerPresent Set/Check
C. NtGlobalFlag
D. Vista TEB System DLL Pointer
E. PEB ProcessHeap Flag Debugger
F. LDR_Module
HARDWARE AND REGISTER BASED DETECTION
A. Hardware Breakpoints
B. VMware LDT Register Detection
C. VMware STR Register Detection
TIMING BASED DETECTIONS
A. RDTSC
B. NtQueryPerformanceCounter
C. GetTickCount
D. timeGetTime
MODIFIED CODE DETECTION
A. CRC Checking
EXCEPTION BASED DETECTION
A. INT 3 Exception (0xCC)
B. INT 2D (Kernel Debugger Interrupt)
C. ICE Breakpoint
D. Single Step Detection
E. Unhandled Exception Filter
F. CloseHandle
G. Control-C Vectored Exception
H. Prefix Handling
I. CMPXCHG8B and LOCK
J. OllyDbg Memory Breakpoint
K. VMware Magic Port