Windows Anti-Debug Reference


Category: Other

ΠŸΠΎΠ΄Π΅Π»ΠΈΡ‚ΡŒΡΡ:
This paper classifies and presents several anti-debugging techniques used on Windows NT-based operating systems. Anti-debugging techniques are ways for a program to detect whether it is running under the control of a debugger. They are used by commercial executable protectors, packers and malicious software to prevent or slow down the process of reverse engineering. We will assume the program is analyzed under a ring3 (user-mode) debugger, such as OllyDbg on Windows platforms. The paper is aimed at reverse engineers and malware analysts. Note that we will talk purely about generic anti-debugging and anti-tracing techniques. Detection of specific debuggers, such as window or process enumeration, registry scanning, etc., will not be addressed here.


