What tricks can be used to prevent or hinder debugging?
Examples:
IsDebuggerPresentAPI on Windows- Exception handlers used for program flow.
GetTickCount/rdtscchecks.
Are there any good resources on this kind of thing?
Asked
Active
Viewed 2,994 times
2
Polynomial
- 132,208
- 43
- 298
- 379
-
@AndrewSmith Care to substantiate your claims about banks using that technique? I've never heard of it. – Polynomial Aug 24 '12 at 05:56
-
1@Andrew - why write unsubstantiated and untrue nonsense? What makes you think any bank wants to obfuscate code and make their own debugging more difficult? – Rory Alsop Aug 24 '12 at 06:58
-
Better one silly idea then none! – Andrew Smith Aug 24 '12 at 15:59
-
@AndrewSmith I cannot describe how fundamentally opposed I am to that sentiment. – Polynomial Aug 24 '12 at 16:01
-
I also cannot describe how well I do understand it too. – Andrew Smith Aug 24 '12 at 16:02
1 Answers
3
You could begin looking at Symantec: http://www.symantec.com/connect/articles/windows-anti-debug-reference
And there is a question in Stackoverflow about anti-debugging tricks.
woliveirajr
- 4,462
- 2
- 17
- 26
-
Figured someone would drop the Symantec paper on here at some point :) – Polynomial Aug 23 '12 at 19:42
-