2010. 5. 12. 16:53, 유용한 지식 자료들/Anti Reversing 기법
Themida AntiDebug Specs
(Just ignore this if you've never stepped through asm code with a debugger)
Checks the first byte of an API for 0xCC (INT3, the one-byte software breakpoint)
^- so avoid setting a breakpoint directly on, for example, CreateFile
(instead set it on the next instruction inside CreateFile)
\\.\NTICE \\.\SICE \\.\SIWVID [No comment]
"ntice.sys" [No comment]
"iceext.sys" NuMega SoftICE extension for hiding SoftICE
"Syser.sys" Syser Kernel Debugger (http://www.sysersoft.com)
"HanOlly.sys" from 'HanOlly_edition_for_themida_1.9'
"extrem.sys" "FRDTSC.SYS" standard names of the 'PhantOm' plugin for OllyDbg
(change this in Ollydbg.ini, section [Plugin PhantOm]!)
"Filem" "REGMON" "regsys" "sysregm" "PROCMON" the monitoring tools from Sysinternals
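To make the two checks above concrete for an analyst looking at a packed sample, here is an added example (not code from the original post or from Themida) in portable C. It shows the mechanics only: `first_byte_is_int3` does what the "first byte of an API" check does and demonstrates why a breakpoint on the second instruction is not seen, and `is_debugger_driver_name` / `count_debugger_drivers` match names against the driver list from the post. The prologue byte strings, the `sample_api` function and the list of "loaded" driver names are constructed for the example; the Windows-specific parts (opening `\\.\NTICE` with CreateFile, enumerating loaded drivers) are deliberately left out so the code runs anywhere.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>

/* 0xCC is the one-byte x86 INT3 instruction that a debugger writes over
 * the first byte of an instruction to plant a software breakpoint. */
#define INT3_OPCODE 0xCCu

/* Returns 1 if the byte at the start of `code` is INT3, 0 otherwise.
 * This is all the "first byte of an API" check looks at: a breakpoint on
 * the very first instruction of the API is visible here, a breakpoint on
 * the second instruction is not. */
int first_byte_is_int3(const void *code)
{
    return ((const uint8_t *)code)[0] == INT3_OPCODE;
}

/* A real function whose entry point we can inspect at run time
 * (constructed for this example; no debugger, so no INT3 expected). */
int sample_api(int x)
{
    return x + 1;
}

/* Constructed byte strings standing in for a 32-bit API prologue
 * (push ebp / mov ebp,esp / pop ebp / ret). */
static const uint8_t prologue_bp_on_first[]  = { 0xCC, 0x89, 0xE5, 0x5D, 0xC3 }; /* INT3 over push ebp   */
static const uint8_t prologue_bp_on_second[] = { 0x55, 0xCC, 0xE5, 0x5D, 0xC3 }; /* INT3 over mov ebp,esp */

/* Driver file names listed in the post. Compared case-insensitively,
 * since the post itself mixes "Syser.sys" and "FRDTSC.SYS". */
static const char *const debugger_driver_names[] = {
    "ntice.sys", "iceext.sys", "syser.sys", "hanolly.sys",
    "extrem.sys", "frdtsc.sys", NULL
};

/* Case-insensitive string equality (ASCII only, enough for file names). */
static int str_ieq(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
    return *a == *b;
}

/* Returns 1 if `name` (a bare file name) is one of the listed drivers. */
int is_debugger_driver_name(const char *name)
{
    for (size_t i = 0; debugger_driver_names[i] != NULL; i++)
        if (str_ieq(name, debugger_driver_names[i]))
            return 1;
    return 0;
}

/* Counts how many entries of a loaded-driver name list match the list. */
int count_debugger_drivers(const char *const *loaded, size_t n)
{
    int hits = 0;
    for (size_t i = 0; i < n; i++)
        hits += is_debugger_driver_name(loaded[i]);
    return hits;
}

int main(void)
{
    /* Constructed sample of loaded driver names, shaped like what a
     * driver-enumeration API would return (not captured from a real system). */
    const char *const loaded[] = { "ntfs.sys", "tcpip.sys", "Syser.sys", "FRDTSC.SYS" };
    const void *entry = (const void *)(uintptr_t)sample_api;

    printf("sample_api first byte = 0x%02X, INT3 present: %d\n",
           ((const uint8_t *)entry)[0], first_byte_is_int3(entry));
    printf("breakpoint on first instruction detected:  %d\n", first_byte_is_int3(prologue_bp_on_first));
    printf("breakpoint on second instruction detected: %d\n", first_byte_is_int3(prologue_bp_on_second));
    printf("debugger drivers among loaded names: %d\n",
           count_debugger_drivers(loaded, sizeof loaded / sizeof loaded[0]));
    return 0;
}
```

The second prologue is the "set it on the next instruction" case from the post: the 0xCC sits one byte in, so a check that only reads the entry byte reports nothing.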
These are a few of the anti-debug methods used in Themida.
This is what it actually looks like when unpacked; there are a few more files. It probably varies by version.
* iceext.sys ntice.sys syser.sys hanolly.sys extrem.sys frdtsc.sys