论文信息 - Debugging classification and anti-debugging strategies

Debugging classification and anti-debugging strategies

Debugging, albeit useful for software development, is also a double-edge sword since it could also be exploited by malicious attackers. This paper analyzes the prevailing debuggers and classifies them into 4 categories based on the debugging mechanism. Furthermore, as an opposite, we list 13 typical anti-debugging strategies adopted in Windows. These methods intercept specific execution points which expose the diagnostic behavior of debuggers.

Shang Gao | Qian Lin

[1] Mark Russinovich,et al. Microsoft Windows Internals, Fourth Edition: Microsoft Windows Server(TM) 2003, Windows XP, and Windows 2000 (Pro-Developer) , 2004 .

[2] Kris Kaspersky. Hacker Debugging Uncovered , 2005 .

[3] Robert Grimm,et al. Debug all your code: portable mixed-environment debugging , 2009, OOPSLA 2009.

[4] Xu Chen,et al. Towards an understanding of anti-virtualization and anti-debugging behavior in modern malware , 2008, 2008 IEEE International Conference on Dependable Systems and Networks With FTCS and DCC (DSN).

[5] Klaus D. Müller-Glaser,et al. Gaining Insight into Executable Models during Runtime: Architecture and Mappings , 2007, IEEE Distributed Systems Online.

[6] Samuel T. King,et al. Debugging Operating Systems with Time-Traveling Virtual Machines (Awarded General Track Best Paper Award!) , 2005, USENIX Annual Technical Conference, General Track.

[7] Stephen Taylor,et al. Software Protection through Anti-Debugging , 2007, IEEE Security & Privacy.