CreateMutex
Crack it open and it all comes out~

Anti-debugging techniques

API BASED ANTI-DEBUGGING

A. IsDebuggerPresent

B. CheckRemoteDebuggerPresent

C. OutputDebugString

D. FindWindow

E. Registry Key

F. NtQueryInformationProcess (ProcessDebugPort)

H. NtSetInformationThread Debugger Detaching

I. Self Debugging with DebugActiveProcess

J. NtQueryInformationProcess (ProcessDebugObjectHandle)

K. OllyDbg OutputDebugString() Format String

L. SeDebugPrivilege OpenProcess

M. OllyDbg OpenProcess String Detection

N. OllyDbg Filename Format String

 

 

DIRECT PROCESS AND THREAD BLOCK DETECTIONS

A. IsDebuggerPresent Direct PEB

B. IsDebuggerPresent Set/Check

C. NtGlobalFlag

D. Vista TEB System DLL Pointer

E. PEB ProcessHeap Flag Debugger

F. LDR_Module
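Entries A, C and E of this section read the same process structure that IsDebuggerPresent() itself reads. The following is an added example, not code from this list or its OpenRCE source: the decision logic works on a snapshot struct so it can be run with constructed values, while the live PEB read is compiled only on Windows (GCC/MinGW inline asm; the x64/x86 offsets for Vista and later are assumptions to confirm against your target OS build). LDR_Module and the Vista TEB pointer (D, F) are not covered.

```c
/* Direct PEB checks: BeingDebugged, NtGlobalFlag, ProcessHeap Flags/ForceFlags.
 * Added example. The decision logic is portable; the live PEB read is only
 * compiled on Windows with a GCC-compatible compiler (offsets are assumptions
 * for x64/x86 Vista+). */
#include <stdint.h>
#include <stdio.h>

/* Documented gflags / heap flag values (winnt.h). */
#define FLG_HEAP_ENABLE_TAIL_CHECK    0x10u
#define FLG_HEAP_ENABLE_FREE_CHECK    0x20u
#define FLG_HEAP_VALIDATE_PARAMETERS  0x40u
#define NT_GLOBAL_DEBUG_HEAP_FLAGS    (FLG_HEAP_ENABLE_TAIL_CHECK | \
                                       FLG_HEAP_ENABLE_FREE_CHECK | \
                                       FLG_HEAP_VALIDATE_PARAMETERS)
#define HEAP_GROWABLE                 0x02u

/* Result bits returned by evaluate_peb(). */
#define HIT_BEING_DEBUGGED  1u   /* the byte IsDebuggerPresent() returns */
#define HIT_NT_GLOBAL_FLAG  2u
#define HIT_HEAP_FLAGS      4u

typedef struct {
    uint8_t  being_debugged;   /* PEB.BeingDebugged       (0x02 on both arch) */
    uint32_t nt_global_flag;   /* PEB.NtGlobalFlag        (0xBC x64 / 0x68 x86) */
    uint32_t heap_flags;       /* ProcessHeap->Flags      (0x70 x64 / 0x40 x86) */
    uint32_t heap_force_flags; /* ProcessHeap->ForceFlags (0x74 x64 / 0x44 x86) */
} peb_snapshot;

unsigned evaluate_peb(const peb_snapshot *s)
{
    unsigned hits = 0;
    if (s->being_debugged)
        hits |= HIT_BEING_DEBUGGED;
    /* NtGlobalFlag heap bits are set only when the process is *created*
       under a debugger (or via gflags); attaching later leaves them clear. */
    if ((s->nt_global_flag & NT_GLOBAL_DEBUG_HEAP_FLAGS) == NT_GLOBAL_DEBUG_HEAP_FLAGS)
        hits |= HIT_NT_GLOBAL_FLAG;
    /* An undebugged process heap has Flags == HEAP_GROWABLE, ForceFlags == 0. */
    if ((s->heap_flags & ~HEAP_GROWABLE) != 0 || s->heap_force_flags != 0)
        hits |= HIT_HEAP_FLAGS;
    return hits;
}

/* Same check fed with literal values (used to exercise the logic offline). */
unsigned evaluate_peb_values(uint8_t bd, uint32_t ngf, uint32_t hf, uint32_t ff)
{
    peb_snapshot s = { bd, ngf, hf, ff };
    return evaluate_peb(&s);
}

/* Live read of the current process's PEB. Returns 0 where there is no PEB.
   MSVC users would replace the asm with __readgsqword(0x60)/__readfsdword(0x30). */
int snapshot_current_peb(peb_snapshot *out)
{
#if defined(_WIN32) && defined(__GNUC__) && defined(__x86_64__)
    uint8_t *peb, *heap;
    __asm__ volatile ("movq %%gs:0x60, %0" : "=r"(peb));
    heap = *(uint8_t **)(peb + 0x30);
    out->being_debugged   = *(uint8_t  *)(peb  + 0x02);
    out->nt_global_flag   = *(uint32_t *)(peb  + 0xBC);
    out->heap_flags       = *(uint32_t *)(heap + 0x70);
    out->heap_force_flags = *(uint32_t *)(heap + 0x74);
    return 1;
#elif defined(_WIN32) && defined(__GNUC__) && defined(__i386__)
    uint8_t *peb, *heap;
    __asm__ volatile ("movl %%fs:0x30, %0" : "=r"(peb));
    heap = *(uint8_t **)(peb + 0x18);
    out->being_debugged   = *(uint8_t  *)(peb  + 0x02);
    out->nt_global_flag   = *(uint32_t *)(peb  + 0x68);
    out->heap_flags       = *(uint32_t *)(heap + 0x40);
    out->heap_force_flags = *(uint32_t *)(heap + 0x44);
    return 1;
#else
    (void)out;                      /* not a Windows process */
    return 0;
#endif
}

int main(void)
{
    peb_snapshot s;
    if (snapshot_current_peb(&s)) {
        printf("BeingDebugged=%u NtGlobalFlag=0x%x Flags=0x%x ForceFlags=0x%x hits=0x%x\n",
               s.being_debugged, s.nt_global_flag, s.heap_flags,
               s.heap_force_flags, evaluate_peb(&s));
    } else {
        /* Constructed values: a process started under a debugger. */
        printf("constructed debugged process hits=0x%x\n",
               evaluate_peb_values(1, 0x70, 0x40000062, 0x40000060));
    }
    return 0;
}
```

Note the asymmetry the tests below rely on: attaching a debugger to a running process sets BeingDebugged but not NtGlobalFlag, so a protector that only checks NtGlobalFlag is blind to OllyDbg's "Attach".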

HARDWARE AND REGISTER BASED DETECTION

A. Hardware Breakpoints

B. VMware LDT Register Detection

C. VMware STR Register Detection

TIMING BASED DETECTIONS

A. RDTSC

B. NtQueryPerformanceCounter

C. GetTickCount

D. timeGetTime
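All four entries follow one pattern: take a timestamp, run the code the analyst would step through, take another, and treat an oversized gap as a sign of single-stepping or a breakpoint. Below is an added example of the RDTSC variant (A), not code from this list or its source; the filler loop, the threshold handling and the clock_gettime fallback on non-x86 hosts are assumptions. The other three entries are the same logic with a coarser clock (GetTickCount, timeGetTime, NtQueryPerformanceCounter).

```c
/* RDTSC timing check. Added example; threshold and filler work are assumptions. */
#define _POSIX_C_SOURCE 200809L
#include <stdint.h>
#include <stdio.h>
#if defined(__x86_64__) || defined(__i386__)
#  include <x86intrin.h>      /* __rdtsc for GCC/Clang; MSVC: <intrin.h> */
#  define HAVE_RDTSC 1
#else
#  include <time.h>           /* fallback: monotonic nanoseconds */
#  define HAVE_RDTSC 0
#endif

static uint64_t read_timestamp(void)
{
#if HAVE_RDTSC
    /* RDTSC is not serializing; for tight windows use __rdtscp or a CPUID fence. */
    return __rdtsc();
#else
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (uint64_t)ts.tv_sec * 1000000000ull + (uint64_t)ts.tv_nsec;
#endif
}

/* Constructed stand-in for the code an analyst would step through. */
static uint32_t guarded_work(uint32_t x)
{
    volatile uint32_t acc = x;
    for (int i = 0; i < 4096; i++)
        acc = acc * 1103515245u + 12345u;   /* LCG step, keeps the loop alive */
    return acc;
}

/* Pure decision: elapsed ticks above the calibrated threshold is suspicious. */
int timing_is_suspicious(uint64_t elapsed, uint64_t threshold)
{
    return elapsed > threshold;
}

/* Measure guarded_work() and decide. Writes the raw delta for calibration. */
int timing_check(uint64_t threshold, uint64_t *elapsed_out)
{
    uint64_t t0 = read_timestamp();
    (void)guarded_work(0x12345678u);
    uint64_t t1 = read_timestamp();
    uint64_t elapsed = t1 - t0;
    if (elapsed_out)
        *elapsed_out = elapsed;
    return timing_is_suspicious(elapsed, threshold);
}

int main(void)
{
    /* Calibrate: take the worst of several undebugged runs, then pad it. */
    uint64_t worst = 0, e;
    for (int i = 0; i < 16; i++) {
        timing_check(UINT64_MAX, &e);
        if (e > worst) worst = e;
    }
    uint64_t threshold = worst * 20;
    printf("worst undebugged delta %llu, threshold %llu, suspicious=%d\n",
           (unsigned long long)worst, (unsigned long long)threshold,
           timing_check(threshold, &e));
    return 0;
}
```

Calibration is the weak spot: a loaded host, a VM that traps RDTSC, or a context switch inside the window produces the same oversized delta as a debugger, so real protectors repeat the check and require several consecutive hits.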

MODIFIED CODE DETECTION

A. CRC Checking
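A software breakpoint is a byte patch (0xCC written over the first byte of an instruction), so a checksum over the code section taken at build time and re-computed at run time exposes it. Added example, not code from this list or its source: a CRC-32 over a region, a mismatch check, and a constructed instruction sequence that gets "breakpointed" to show the detection. In a real build the expected value is computed after linking and patched into the binary; the length and location of the region come from the linker map, not from a function pointer.

```c
/* CRC-32 self-check over a code region. Added example; SAMPLE_CODE is
   constructed (push rbp; mov rbp,rsp; mov eax,1; pop rbp; ret). */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Bitwise CRC-32 (IEEE 802.3, reflected, poly 0xEDB88320). */
uint32_t crc32_ieee(const uint8_t *p, size_t n)
{
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < n; i++) {
        crc ^= p[i];
        for (int k = 0; k < 8; k++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* 1 if the region no longer matches the checksum recorded at build time. */
int code_region_modified(const uint8_t *start, size_t len, uint32_t expected)
{
    return crc32_ieee(start, len) != expected;
}

static const uint8_t SAMPLE_CODE[] = {
    0x55, 0x48, 0x89, 0xE5, 0xB8, 0x01, 0x00, 0x00, 0x00, 0x5D, 0xC3
};

/* Simulate a debugger planting INT 3 (0xCC) at `offset` in a copy of the
   sample and report whether the CRC check catches it. An offset past the
   end patches nothing, so the check must report clean. */
int demo_breakpoint_detected(size_t offset)
{
    uint8_t buf[sizeof SAMPLE_CODE];
    memcpy(buf, SAMPLE_CODE, sizeof buf);
    uint32_t expected = crc32_ieee(buf, sizeof buf);   /* "build-time" value */
    if (offset < sizeof buf)
        buf[offset] = 0xCC;
    return code_region_modified(buf, sizeof buf, expected);
}

int main(void)
{
    printf("crc32(\"123456789\") = 0x%08x (expect 0xcbf43926)\n",
           crc32_ieee((const uint8_t *)"123456789", 9));
    printf("breakpoint at +0 detected: %d\n", demo_breakpoint_detected(0));
    printf("no breakpoint, detected: %d\n", demo_breakpoint_detected(99));
    return 0;
}
```

Two caveats a practitioner will hit: the checksum must exclude any bytes the loader relocates or the runtime patches (import thunks, relocated absolute addresses), and hardware breakpoints (DR0-DR3) change nothing in memory, so this check only catches the INT 3 kind.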

EXCEPTION BASED DETECTION

A. INT 3 Exception (0xCC)

B. INT 2D (Kernel Debugger Interrupt)

C. ICE Breakpoint

D. Single Step Detection

E. Unhandled Exception Filter

F. CloseHandle

G. Control-C Vectored Exception

H. Prefix Handling

I. CMPXCHG8B and LOCK

J. OllyDbg Memory Breakpoint

K. VMware Magic Port
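The exception-based entries share one trick: raise a fault, register a handler for it, and see who gets it. If the program's own handler runs, no debugger is attached; if execution simply continues past the faulting instruction, a debugger consumed the exception. Added example of the INT 3 check (A), not code from this list or its source, written for POSIX signals rather than Windows SEH (the Windows form is the same idea with __try/__except or an unhandled-exception filter around int3). The sigsetjmp/siglongjmp unwinding and the non-x86 fallback are assumptions.

```c
/* INT 3 exception check, POSIX analog of the SEH version. Added example.
   Returns 1 when a debugger swallowed the trap, 0 when our handler ran. */
#define _POSIX_C_SOURCE 200809L
#include <setjmp.h>
#include <signal.h>
#include <string.h>
#include <stdio.h>

static sigjmp_buf trap_env;
static volatile sig_atomic_t trap_signal;

static void on_trap(int sig)
{
    trap_signal = sig;
    /* Unwind instead of returning: returning after a ud2-style SIGILL would
       re-execute the faulting instruction forever. */
    siglongjmp(trap_env, 1);
}

int int3_debugger_detected(void)
{
    struct sigaction sa, old_trap, old_ill;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_trap;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGTRAP, &sa, &old_trap);
    sigaction(SIGILL,  &sa, &old_ill);   /* __builtin_trap may be an illegal opcode */

    trap_signal = 0;
    /* savemask=1 so the mask blocked during the handler is restored on longjmp. */
    if (sigsetjmp(trap_env, 1) == 0) {
#if defined(__x86_64__) || defined(__i386__)
        __asm__ volatile ("int3");    /* 0xCC: kernel raises SIGTRAP */
#else
        __builtin_trap();             /* brk on AArch64 -> SIGTRAP */
#endif
        /* Reached only if the trap was never delivered to us: gdb's default
           for SIGTRAP is "stop, do not pass", so it resumes us right here. */
    }

    sigaction(SIGTRAP, &old_trap, NULL);
    sigaction(SIGILL,  &old_ill,  NULL);
    return trap_signal == 0;
}

int main(void)
{
    printf("debugger detected: %d\n", int3_debugger_detected());
    return 0;
}
```

Run it plain and it prints 0; run it under gdb, continue past the SIGTRAP stop, and it prints 1. A tracer that forwards signals to the tracee (gdb after "handle SIGTRAP pass", or a ptrace-based unpacker written to do so) defeats the check, which is why the list carries several exception variants rather than one.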
