Rule-based anti-anti-debugging system
暂无分享,去创建一个
Anti-debugging technology refers to various ways of preventing binary files from being analyzed in debuggers or other virtual machine environments. If binary files conceal or modify themself using anti-debugging techniques, analyzing these binary files becomes harder. There are some anti-anti-debugging techniques proposed so far, but malware developers make dynamic analysis difficult using various ways, such as execution time delay, debugger detection techniques and so on. In this paper, we propose a rule-based system that can avoid anti-debugging techniques in binary files, and showed several samples of anti-debugging applications and how to detect and patch anti-debugging techniques in common utilities or malicious code effectively.
[1] Lei Liu,et al. Malyzer: Defeating Anti-detection for Application-Level Malware Analysis , 2009, ACNS.
[2] Makoto Iwamura,et al. Memory behavior-based automatic malware unpacking in stealth debugging environment , 2010, 2010 5th International Conference on Malicious and Unwanted Software.
[3] Craig Valli,et al. Malware Forensics: Discovery of the Intent of Deception , 2010, J. Digit. Forensics Secur. Law.
[4] Paul C. van Oorschot. Revisiting Software Protection , 2003, ISC.