Thread: Collection of anti debug tricks

  1. #1

    Collection of anti debug tricks

    Searched on the forum and didn't find it.

    A lot of nice (and to me, new) ways of anti debugging tricks.

    http://www.securityfocus.com/infocus/1893

  2. #2
    Hi Harding:

    There is no problem with you posting the collection you found.

    Just wanted to point out that if you had searched with:

    anti-debugging tricks (in this case, either with, or without the "")

    you would have found around 28 Threads which discuss this topic.

    If you search with:

    anti debugging tricks (no hyphen)

    you should have found 8 Threads with references.

    Regards,
    JMI

  3. #3
    Hi

    That link was already posted a couple of months ago in this forum; scan down the page for "collection of anti-debug tricks". But the contribution is always appreciated.

    Just for future reference, you don't need to obscure links with that http:// stuff here.

    Kayaker

  4. #4
    Squallsurf
    Guest
    I've just a PDF version of this reference; I've mailed it to the author, Nicolas Falliere, who has agreed to this pagination.

    Regards.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  5. #5
    eheh one is very neat.
    pop ss won't break next instruction because it is executed in a strictly 'unblockable sequence' with interrupts disabled.
    If I remember it well, it was needed to avoid the unwanted hardware interrupt on old 16 bit to 'fall off' the stack segment pop, breaking the machine code flow... forever.
    There are other critical instructions that share this behavior or have implicit memory locks (i.e. xchange, because it was initially used for lock sequences).
    Last edited by Maximus; November 18th, 2007 at 09:01.
    I want to know God's thoughts ...the rest are details.
    (A. Einstein)
    --------
    ..."a shellcode is a command you do at the linux shell"...
