
Research/Reversing

[Paper] Anti Reversing Techniques

Anti-Reversing Techniques

1. Introduction
   1.1 Reversing
   1.2 Anti Reversing

2. Anti-Debugging
   2.1 Based on API Calls
       2.1.1 CheckRemoteDebuggerPresent
       2.1.2 FindWindow
       2.1.3 OpenProcess
       2.1.2 Self-Debugging
       2.1.4 OutputDebugString
       2.1.5 BlockInput
       2.1.6 DeleteFiber
       2.1.7 LDR
   2.2 Based on Windows Internals
       2.2.1 NtQueryObject
       2.2.2 NtQuerySystemInformation
       2.2.3 NtSetInformationThread
       2.2.4 NtSetDebugFilterState
       2.2.5 NtQueryInformationProcess
   2.3 Based on Exception
       2.3.1 UnHandledExceptionFilter
       2.3.2 CloseHandle
       2.3.3 int 3
       2.3.4 int 2d
       2.3.5 int 41
       2.3.6 Prefix Handling
       2.3.7 CMPXCHG8B and LOCK Prefix
       2.3.8 Guard Pages
       2.3.9 CLI & STI
       2.3.10 SEH
   2.4 Based on Break Points
       2.4.1 Hardware Break Point
   2.5 Based on Flags
       2.5.1 BeingDebugged
       2.5.2 Trap Flag
       2.5.3 NtGlobal Flag
       2.5.4 Heap Flag
   2.6 Based on VM Detection
       2.6.1 Red Pill
       2.6.2 No Pill
       2.6.3 SLDT
       2.6.4 I/O Port
       2.6.5 STR
       2.6.6 SMSW
       2.6.7 CPUID
       2.6.8 MAC Address
       2.6.9 ETC
   2.7 Based on Timing
       2.7.1 RDTSC
   2.8 Based on Checksum
       2.8.1 Hash Checking
   2.9 Etc
       2.9.1 Stack Segment
       2.9.2 TLS Callback
       2.9.3 CC Scanning

3. Anti-Disassembly
   3.1 Code Obfuscating
       3.1.1 Code Virtualizing
       3.1.1 VFTable
       3.1.1 Dummy Codes
   3.2 Packing
       3.2.1 benchmark
   3.3 Anti-Dumping
       3.3.1 Erase PE Header
       3.3.2 PE Header Modification
       3.3.3 Sections Modification
   3.4 Etc
       3.4.1 Fake Signatures

4. Conclusion

5. Reference

Anti-Reversing Techniques: Anti Revering Techniques [zer0day].pdf



If you have any questions or find errors or typos, please let me know!