Iran Expertise In Malware Anti-Debugging Guide

10 years ago

Iranian security expert C3phalex1n -Milad Kahsari Alahari- have published final part of article on malware analysis: Anti-Debugging Technique Part 2 on website: http://myfreetime.ir/blog/?p=381

Objectives of the article is:

1. Learning general mechanisms to control a pause instruction traps in x86 architecture

2. Learning the Byte Scission debugging technique

3. Learning how to use a debugger binary to control an app

This course can be used as a teaching module in following labs:

  • 1. Computer design
  • 2. Operating systems
  • 3. Fundamentals of programming languages
There are different reasons to use Anti-Debugging methods, but one of the main reasons why Hackers and professional malware programmers are using it is to increase the life of the program to carry out their covert activities. 
 
In principle when malwares detect a debugger they change their functions and operate differently to disguise their destructive identity or in some instances they even crash the debugger.

Anti-debugging techniques are used to make the Reverse Engineering techniques much harder but article asks how a malware can detect the presence of a debugger. There are different methods to do that covered in the article.

See more detail at: http://myfreetime.ir/blog/?p=381

Tags:

Leave a Reply

Your email address will not be published. Required fields are marked *