Anti-Reversing Techniques
1. Introduction
1.1 Reversing
1.2 Anti Reversing
2. Anti-Debugging
2.1 Based on API Calls
2.1.1 CheckRemoteDebuggerPresent
2.1.2 FindWindow
2.1.3 OpenProcess
2.1.4 Self-Debugging
2.1.5 OutputDebugString
2.1.6 BlockInput
2.1.7 DeleteFiber
2.1.8 LDR
2.2 Based on Windows Internals
2.2.1 NtQueryObject
2.2.2 NtQuerySystemInformation
2.2.3 NtSetInformationThread
2.2.4 NtSetDebugFilterState
2.2.5 NtQueryInformationProcess
2.3 Based on Exceptions
2.3.1 UnhandledExceptionFilter
2.3.2 CloseHandle
2.3.3 int 3
2.3.4 int 2d
2.3.5 int 41
2.3.6 Prefix Handling
2.3.7 CMPXCHG8B and LOCK Prefix
2.3.8 Guard Pages
2.3.9 CLI & STI
2.3.10 SEH
2.4 Based on Breakpoints
2.4.1 Hardware Breakpoint
2.5 Based on Flags
2.5.1 BeingDebugged
2.5.2 Trap Flag
2.5.3 NtGlobalFlag
2.5.4 Heap Flag
2.6 Based on VM Detection
2.6.1 Red Pill
2.6.2 No Pill
2.6.3 SLDT
2.6.4 I/O Port
2.6.5 STR
2.6.6 SMSW
2.6.7 CPUID
2.6.8 MAC Address
2.6.9 Etc
2.7 Based on Timing
2.7.1 RDTSC
2.8 Based on Checksum
2.8.1 Hash Checking
2.9 Etc
2.9.1 Stack Segment
2.9.2 TLS Callback
2.9.3 CC Scanning
3. Anti-Disassembly
3.1 Code Obfuscating
3.1.1 Code Virtualizing
3.1.2 VFTable
3.1.3 Dummy Codes
3.2 Packing
3.2.1 Benchmark
3.3 Anti-Dumping
3.3.1 Erase PE Header
3.3.2 PE Header Modification
3.3.3 Sections Modification
3.4 Etc
3.4.1 Fake Signatures
4. Conclusion
5. References
Anti-Reversing Techniques : Anti Revering Techniques [zer0day].pdf
If you have questions or notice any errors or typos, please let me know!