Debugger Advanced Techniques For Anti-Debugging (ARM)


Соломенные сандалии
Advanced Techniques For Anti-Debugging (ARM)

In this dissertation we look for new strategies to protect software from debugging attacks. These
advanced anti-debugging techniques are based upon an existing self-debugging implementation
with migrated code fragments from the main application to the debugger’s context. Even though
this is a promising solution it does come with four flaws. First we will attempt to improve the
stealthiness of context switches between the application and its debugger. Secondly we look for
alternative ways to pass the destination address to the debugger’s context. Third, we develop
a method for validating and distinguishing explicit from randomly occurring context switches.
Finally we analyse different approaches to enhance the debugger’s protection against static and
dynamic analysis. Our research solely focuses on the protection of executable binaries, but it
may be generalized for other files such as dynamically linked libraries.

Прикрепленные файлы:

Верх Низ