Anti-debugging

From Unprotect Project
Revision as of 16:05, 4 November 2016 by Admin (talk | contribs) (Technic Description)

Technique Description

Malware also uses anti-debugging techniques to prevent analysts from debugging and dynamically analysing the malicious code.

Techniques

Below is a list of all the anti-debugging techniques in Unprotect Project:

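Anti-Debugging Techniques

| Techniques | Description |
|---|---|
| Windows API | IsDebuggerPresent |
| Windows API | CheckRemoteDebuggerPresent |
| Windows API | NtQueryInformationProcess / ZwQueryInformationProcess |
| Windows API | NtSetInformationThread / ZwSetInformationThread |
| Windows API | NtQueryObject |
| Windows API | OutputDebugString |
| Windows API | NtSetInformationThread |
| Windows API | EventPairHandles |
| Windows API | CsrGetProcessID |
| Windows API | CloseHandle / NtClose |
| Checking Manually | IsDebugged Flag |
| Checking Manually | Heap Flag |
| Checking Manually | NtGlobalFlag |
| Timing Check | RDTSC |
| Timing Check | GetTickCount |
| Timing Check | NtQueryPerformanceCounter |
| Debugger Detection | FindWindow |
| Debugger Detection | FindProcess |
| Debugger Detection | BadStringFormat |
| Disturb Debugger | TLS Callback |
| Disturb Debugger | Unhandled Exception Filter |
| Disturb Debugger | Performing code checksum |
| Disturb Debugger | Interrupts |
| Disturb Debugger | INT Scanning |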

References