Anti-debugging

From Unprotect Project
Revision as of 15:17, 4 November 2016 by Admin (talk | contribs) (Technics)


Technique Description

Malware also uses anti-debugging techniques to prevent analysts from debugging and dynamically analysing the malicious code.

Techniques

Below is a list of all the anti-debugging techniques in the Unprotect Project:

Anti-Debugging Techniques
Technique: Windows API
Description:
IsDebuggerPresent
CheckRemoteDebuggerPresent
NtQueryInformationProcess / ZwQueryInformationProcess
NtSetInformationThread / ZwSetInformationThread
NtQueryObject
OutputDebugString
NtSetInformationThread
EventPairHandles
CsrGetProcessID
CloseHandle / NtClose
