Antidebugging For (M)asses – Protecting the Environment

Summary

The whitepaper linked here provides a few examples of antidebugging techniques that can be used under the Windows operating system.

Credit:

The information has been provided by Piotr Bania.
The original article can be found at: http://pb.specialised.info/all/articles/antid.txt


Details

Introduction:
The number of computer hackers/crackers has reached a very high level recently. It is very hard to develop a product that will be secure against reverse engineering attacks; strictly speaking, it is surely impossible. However, if we can, why not make their dirty work harder?

The paper discusses several techniques:
 * Open CSRSS.EXE to detect SEH debugger
 * Use the CheckRemoteDebuggerPresent API provided by Windows XP
 * Protect ExitProcess to detect Softice/D*

The whitepaper can be found at: http://pb.specialised.info/all/articles/antid.txt
