Searched on the forum and didn't find it.

Alot of nice (and to me, new) ways of anti debugging tricks.

http://www.securityfocus.com/infocus/1893

Hi Harding:

There is no problem with you posting the collection you found.

Just wanted to point out that if you had searched with:

anti-debugging tricks (in this case, either with, or without the "")

you would have found around 28 Threads which discuss this topic.

If you search with:

anti debugging tricks (no hyphen)

you should have found 8 Threads with references.

Regards,

Hi

That link was already posted a couple of months ago in this forum, scan down the page for "collection of anti-debug tricks", but the contribution is always appreciated.

Just for future reference, you don't need to obscure links with that hxxp:// stuff here.

Kayaker

I've just a pdf version of this reference, I've mail it to the author, Nicolas Falliere, who's agree of this pagination.

Regards.

eheh one is very neat.
pop ss won't break next instruction because it is executed in a strictly 'unblockable sequence' with interrupt disabled.
If i remind it well, it was needed to avoid the unwanted hardware interrupt on old 16 bit to 'fall off' the stack segment pop, breaking the machine code flow... forever.
THere are other critical instructions that share this behavior or have implicit memory locks (i.e. xchange, because it was initially used for lock sequences).