Anti-Unpacker Tricks
by Peter Ferrie, Senior Anti-Virus Researcher, Microsoft Corporation
1. Anti-Dumping
- SizeOfImage
- Erasing the header
- Nanomites
- Stolen Bytes
- Guard Pages
- Imports
- Virtual machines
2. Anti-Debugging
- PEB fields
- Heap flags
- The Heap
- Special APIs
- Hardware tricks
- Process tricks
- SoftICE-specific
- OllyDbg-specific
- HideDebugger-specific
- ImmunityDebugger-specific
- WinDbg-specific
- Miscellaneous tools
3. Anti-Emulating
- Software Interrupts
- Time-locks
- Invalid API parameters
- GetProcAddress
- GetProcAddress(internal)
- "Modern" CPU instructions
- Undocumented instructions
- Selector verification
- Memory layout
- File-format tricks
4. Anti-Intercepting
- Write -> Exec
- Write ^ Exec
5. Miscellaneous
- Fake signatures
[ Source: http://pferrie.tripod.com/papers/unpackers.pdf ]