Windows Anti-Debug Reference

By Teddy Rogers

Find their other files

https://forum.tuts4you.com/files/file/1207-windows-anti-debug-reference/

About This File

This paper classifies and presents several anti-debugging techniques used on Windows NT-based operating systems.

Anti-debugging techniques are ways for a program to detect if it runs under control of a debugger. They are used by commercial executable protectors, packers and malicious software, to prevent or slow-down the process of reverse-engineering.

We'll suppose the program is analyzed under a ring3 debugger, such as OllyDbg on Windows platforms. The paper is aimed towards reverse-engineers and malware analysts.

Note that we will talk purely about generic anti-debugging and anti-tracing techniques. Specific debugger detection, such as window or processes enumeration, registry scanning, etc. will not be addressed here.

Create an account or sign in to download this

File Information

Views 3,074
Downloads 535
Submitted February 13, 2020
Published February 14, 2020
Updated February 14, 2020
File Size 129.8 kB
Author
Nicolas Falliere
Email
nicolas.falliere@gmail.com
Website

http://www.securityfocus.com/

https://forum.tuts4you.com/files/file/1207-windows-anti-debug-reference/

Followers 1

Previous File The Ultimate Anti-Debugging Reference

User Feedback

0 Comments

Recommended Comments

There are no comments to display.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign in

Already have an account? Sign in here.

Sign In