Anti-Reversing Techniques
1. Introduction
1.1 Reversing
1.2 Anti Reversing
2. Anti-Debugging
2.1 Based on API Calls
2.1.1 CheckRemoteDebuggerPresent
2.1.2 FindWindow
2.1.3 OpenProcess
2.1.4 Self-Debugging
2.1.5 OutputDebugString
2.1.6 BlockInput
2.1.7 DeleteFiber
2.1.8 LDR
2.2 Based on Windows Internals
2.2.1 NtQueryObject
2.2.2 NtQuerySystemInformation
2.2.3 NtSetInformationThread
2.2.4 NtSetDebugFilterState
2.2.5 NtQueryInformationProcess
2.3 Based on Exception
2.3.1 UnHandledExceptionFilter
2.3.2 CloseHandle
2.3.3 int 3
2.3.4 int 2d
2.3.5 int 41
2.3.6 Prefix Handling
2.3.7 CMPXCHG8B and LOCK Prefix
2.3.8 Guard Pages
2.3.9 CLI & STI
2.3.10 SEH
2.4 Based on Break Points
2.4.1 Hardware Break Point
2.5 Based on Flags
2.5.1 BeingDebugged
2.5.2 Trap Flag
2.5.3 NtGlobal Flag
2.5.4 Heap Flag
2.6 Based on VM Detection
2.6.1 Red Pill
2.6.2 No Pill
2.6.3 SLDT
2.6.4 I/O Port
2.6.5 STR
2.6.6 SMSW
2.6.7 CPUID
2.6.8 MAC Address
2.6.9 ETC
2.7 Based on Timing
2.7.1 RDTSC
2.8 Based on Checksum
2.8.1 Hash Checking
2.9 Etc
2.9.1 Stack Segment
2.9.2 TLS Callback
2.9.3 CC Scanning
3. Anti-Disassembly
3.1 Code Obfuscating
3.1.1 Code Virtualizing
3.1.2 VFTable
3.1.3 Dummy Codes
3.2 Packing
3.2.1 Benchmark
3.3 Anti-Dumping
3.3.1 Erase PE Header
3.3.2 PE Header Modification
3.3.3 Sections Modification
3.4 Etc
3.4.1 Fake Signatures
4. Conclusion
5. Reference
Anti-Reversing Techniques : Anti Revering Techniques [zer0day].pdf
If you have any questions or spot errors/typos, please let me know!