Anti-Unpacker Tricks (by Peter Ferrie)
XeroNic(HS)
2009. 2. 25. 11:55
Anti-Unpacker Tricks
by Peter Ferrie, Senior Anti-Virus Researcher, Microsoft Corporation
1. Anti-Dumping
- SizeOfImage
- Erasing the header
- Nanomites
- Stolen Bytes
- Guard Pages
- Imports
- Virtual machines
2. Anti-Debugging
- PEB fields
- Heap flags
- The Heap
- Special APIs
- Hardware tricks
- Process tricks
- SoftICE-specific
- OllyDbg-specific
- HideDebugger-specific
- ImmunityDebugger-specific
- WinDbg-specific
- Miscellaneous tools
3. Anti-Emulating
- Software Interrupts
- Time-locks
- Invalid API parameters
- GetProcAddress
- GetProcAddress(internal)
- "Modern" CPU instructions
- Undocumented instructions
- Selector verification
- Memory layout
- File-format tricks
4. Anti-Intercepting
- Write -> Exec
- Write ^ Exec
5. Miscellaneous
- Fake signatures
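The outline above only names the techniques. As an added illustration of the "PEB fields" and "Heap flags" items under Anti-Debugging (example code written for this page, not taken from Ferrie's paper), the block below implements the two classic checks: PEB->BeingDebugged, PEB->NtGlobalFlag carrying the three debug-heap flags the loader sets when a process starts under a debugger, and the process heap's Flags/ForceFlags. The decision logic is kept in pure functions so it can be exercised on any platform; the actual PEB and heap reads are compiled only on Windows. Assumptions, labelled in the comments: the PEB offsets (0x68 / 0xBC for NtGlobalFlag), the Vista-and-later heap offsets (0x40/0x44 on x86, 0x70/0x74 on x64), and that an undebugged default process heap has Flags == HEAP_GROWABLE (0x2) and ForceFlags == 0.

```c
/* Added example (not from Ferrie's paper): the PEB "BeingDebugged",
 * NtGlobalFlag and heap Flags/ForceFlags anti-debugging checks.
 * Decision logic is pure so it can run and be tested off Windows;
 * the PEB/heap reads themselves are Windows-only. */
#include <stdio.h>
#include <stdint.h>

/* Flags the Windows loader sets in PEB->NtGlobalFlag when the process is
 * created under a debugger. They also propagate into the heap. */
#define FLG_HEAP_ENABLE_TAIL_CHECK   0x10u
#define FLG_HEAP_ENABLE_FREE_CHECK   0x20u
#define FLG_HEAP_VALIDATE_PARAMETERS 0x40u
#define DEBUGGER_HEAP_FLAGS (FLG_HEAP_ENABLE_TAIL_CHECK | \
                             FLG_HEAP_ENABLE_FREE_CHECK | \
                             FLG_HEAP_VALIDATE_PARAMETERS)

#define HEAP_GROWABLE 0x2u

/* 1 if NtGlobalFlag carries all three debug-heap flags (0x70), else 0. */
int ntglobalflag_debugger_present(uint32_t nt_global_flag) {
    return (nt_global_flag & DEBUGGER_HEAP_FLAGS) == DEBUGGER_HEAP_FLAGS;
}

/* 1 if the process heap looks like a debug heap. Assumption: an undebugged
 * default heap has Flags == HEAP_GROWABLE and ForceFlags == 0; under a
 * debugger the typical values are Flags 0x50000062, ForceFlags 0x40000060. */
int heap_flags_debugger_present(uint32_t flags, uint32_t force_flags) {
    return (flags & ~HEAP_GROWABLE) != 0 || force_flags != 0;
}

#ifdef _WIN32
#include <windows.h>
#include <intrin.h>

/* Raw PEB pointer from the TEB: fs:[0x30] on x86, gs:[0x60] on x64. */
static uint8_t *peb_base(void) {
#ifdef _WIN64
    return (uint8_t *)__readgsqword(0x60);
#else
    return (uint8_t *)__readfsdword(0x30);
#endif
}

/* Offsets assumed: BeingDebugged at PEB+0x02 on both architectures,
 * NtGlobalFlag at PEB+0x68 (x86) / PEB+0xBC (x64). */
static int peb_being_debugged(void) { return peb_base()[2] != 0; }

static uint32_t peb_nt_global_flag(void) {
#ifdef _WIN64
    return *(uint32_t *)(peb_base() + 0xBC);
#else
    return *(uint32_t *)(peb_base() + 0x68);
#endif
}

/* Heap Flags/ForceFlags offsets assumed for Vista and later:
 * 0x40/0x44 on x86, 0x70/0x74 on x64 (XP x86 used 0x0C/0x10). */
static void process_heap_flags(uint32_t *flags, uint32_t *force_flags) {
    uint8_t *heap = (uint8_t *)GetProcessHeap();
#ifdef _WIN64
    *flags = *(uint32_t *)(heap + 0x70);
    *force_flags = *(uint32_t *)(heap + 0x74);
#else
    *flags = *(uint32_t *)(heap + 0x40);
    *force_flags = *(uint32_t *)(heap + 0x44);
#endif
}
#endif

int main(void) {
#ifdef _WIN32
    uint32_t flags, force;
    process_heap_flags(&flags, &force);
    printf("BeingDebugged: %d\n", peb_being_debugged());
    printf("NtGlobalFlag : %d\n",
           ntglobalflag_debugger_present(peb_nt_global_flag()));
    printf("Heap flags   : %d\n", heap_flags_debugger_present(flags, force));
#else
    /* Constructed sample values (not read from a live process): the values
     * commonly observed for a process started under a debugger. */
    printf("NtGlobalFlag 0x70 -> %d\n", ntglobalflag_debugger_present(0x70u));
    printf("Heap 0x50000062/0x40000060 -> %d\n",
           heap_flags_debugger_present(0x50000062u, 0x40000060u));
#endif
    return 0;
}
```

Note that all three fields are trivially patched by a debugger plugin (hence the HideDebugger and OllyDbg items in the outline), and the heap offsets change between Windows versions, so a packer relying on hard-coded offsets is itself fragile.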
[ Source: http://pferrie.tripod.com/papers/unpackers.pdf ]