Zer0 day

[Paper] Anti Reversing Techniques

Zero Day 2016.09.29 11:36

Anti-Reversing Techniques

1. Introduction
    1.1 Reversing
    1.2 Anti-Reversing

2. Anti-Debugging
    2.1 Based on API Calls
        2.1.1 CheckRemoteDebuggerPresent
        2.1.2 FindWindow
        2.1.3 OpenProcess
        2.1.4 Self-Debugging
        2.1.5 OutputDebugString
        2.1.6 BlockInput
        2.1.7 DeleteFiber
        2.1.8 LDR
    2.2 Based on Windows Internals
        2.2.1 NtQueryObject
        2.2.2 NtQuerySystemInformation
        2.2.3 NtSetInformationThread
        2.2.4 NtSetDebugFilterState
        2.2.5 NtQueryInformationProcess
    2.3 Based on Exceptions
        2.3.1 UnhandledExceptionFilter
        2.3.2 CloseHandle
        2.3.3 INT 3
        2.3.4 INT 2D
        2.3.5 INT 41
        2.3.6 Prefix Handling
        2.3.7 CMPXCHG8B and LOCK Prefix
        2.3.8 Guard Pages
        2.3.9 CLI & STI
        2.3.10 SEH
    2.4 Based on Breakpoints
        2.4.1 Hardware Breakpoints
    2.5 Based on Flags
        2.5.1 BeingDebugged
        2.5.2 Trap Flag
        2.5.3 NtGlobalFlag
        2.5.4 Heap Flags
    2.6 Based on VM Detection
        2.6.1 Red Pill
        2.6.2 No Pill
        2.6.3 SLDT
        2.6.4 I/O Port
        2.6.5 STR
        2.6.6 SMSW
        2.6.7 CPUID
        2.6.8 MAC Address
        2.6.9 Etc.
    2.7 Based on Timing
        2.7.1 RDTSC
    2.8 Based on Checksums
        2.8.1 Hash Checking
    2.9 Etc.
        2.9.1 Stack Segment
        2.9.2 TLS Callback
        2.9.3 CC Scanning

3. Anti-Disassembly
    3.1 Code Obfuscation
        3.1.1 Code Virtualization
        3.1.2 VFTable
        3.1.3 Dummy Code
    3.2 Packing
        3.2.1 Benchmark
    3.3 Anti-Dumping
        3.3.1 Erase PE Header
        3.3.2 PE Header Modification
        3.3.3 Section Modification
    3.4 Etc.
        3.4.1 Fake Signatures

4. Conclusion

5. References
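Two entries in the outline above, 2.8.1 Hash Checking and 2.9.3 CC Scanning, are the integrity checks a protected binary uses to notice software breakpoints: a debugger sets one by overwriting the first byte of an instruction with 0xCC (INT3), so the code region either stops matching a hash taken from the untouched code or contains a 0xCC byte that was not there before. The C program below is an added example written for this page; it is not code from the paper or from the Zer0 day blog. The function bytes it checks are a hand-assembled, constructed stand-in so the example runs on any platform (a real implementation would point the same two routines at the protected function's own address), and the FNV-1a hash, the DETECT_* bits and all function names are my choices, not anything the paper defines.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* 32-bit FNV-1a over a byte range. Any hash works here; the technique is that
 * the reference value is computed once from the untouched code (at build time
 * or first run) and compared against the live bytes later. */
static uint32_t fnv1a32(const uint8_t *p, size_t n)
{
    uint32_t h = 0x811c9dc5u;
    for (size_t i = 0; i < n; i++) {
        h ^= p[i];
        h *= 0x01000193u;
    }
    return h;
}

/* Naive "CC scanning": count 0xCC (INT3) bytes in the region. */
static size_t count_int3(const uint8_t *p, size_t n)
{
    size_t c = 0;
    for (size_t i = 0; i < n; i++)
        c += (p[i] == 0xCC);
    return c;
}

/* Hash checking: does the live region still match the reference hash? */
static int code_is_tampered(const uint8_t *live, size_t n, uint32_t reference)
{
    return fnv1a32(live, n) != reference;
}

/* Constructed stand-in for a protected function's bytes (hand-assembled x86-64):
 *   55              push rbp
 *   48 89 E5        mov  rbp, rsp
 *   B8 34 12 00 00  mov  eax, 0x1234
 *   5D              pop  rbp
 *   C3              ret                                                 */
static const uint8_t clean_code[] = {
    0x55, 0x48, 0x89, 0xE5, 0xB8, 0x34, 0x12, 0x00, 0x00, 0x5D, 0xC3
};

/* Constructed legitimate code that happens to carry a 0xCC byte as data:
 *   B0 CC           mov  al, 0xCC
 *   C3              ret                                                 */
static const uint8_t legit_cc_code[] = { 0xB0, 0xCC, 0xC3 };

/* Result bits returned by run_checks(). */
#define DETECT_HASH 1u   /* hash no longer matches the reference */
#define DETECT_INT3 2u   /* at least one 0xCC byte found         */

static unsigned run_checks(const uint8_t *live, size_t n, uint32_t reference)
{
    unsigned r = 0;
    if (code_is_tampered(live, n, reference)) r |= DETECT_HASH;
    if (count_int3(live, n) > 0)              r |= DETECT_INT3;
    return r;
}

/* Simulate a debugger placing a software breakpoint at offset `off` of
 * clean_code (one byte overwritten with INT3) and run both checks on the
 * patched copy, using the hash of the untouched code as the reference. */
unsigned checks_after_breakpoint(size_t off)
{
    uint8_t live[sizeof clean_code];
    memcpy(live, clean_code, sizeof live);
    if (off < sizeof live)
        live[off] = 0xCC;
    return run_checks(live, sizeof live, fnv1a32(clean_code, sizeof clean_code));
}

/* Same checks on untouched clean_code: nothing should be reported. */
unsigned checks_on_clean_code(void)
{
    return run_checks(clean_code, sizeof clean_code,
                      fnv1a32(clean_code, sizeof clean_code));
}

/* The CC-scan false positive: legit_cc_code has not been modified, so the
 * hash matches, but the byte scan still fires on the 0xCC immediate. */
unsigned checks_on_legit_cc_code(void)
{
    return run_checks(legit_cc_code, sizeof legit_cc_code,
                      fnv1a32(legit_cc_code, sizeof legit_cc_code));
}

int main(void)
{
    printf("clean code      : 0x%x\n", checks_on_clean_code());      /* 0x0 */
    printf("bp at offset 4  : 0x%x\n", checks_after_breakpoint(4));  /* 0x3 */
    printf("legit 0xCC byte : 0x%x\n", checks_on_legit_cc_code());   /* 0x2 */
    return 0;
}
```

The third case is why hash checking is the more reliable of the two: 0xCC turns up legitimately inside immediates and displacements, so a bare byte scan over real code produces false positives, while a hash over the region only changes when the bytes do. Neither check sees a hardware breakpoint (2.4.1 in the outline), which modifies debug registers rather than code, and the stored reference hash is itself a patch target, so in practice the reference is kept away from the code that uses it or recomputed over several overlapping regions.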

 


Anti-Reversing Techniques (PDF attachment): Anti Revering Techniques [zer0day].pdf

If you have questions or spot errors/typos, please let me know!
