In this module, we'll begin with some anti-debugging techniques such as NtGlobalFlag, FindWindow(), OutputDebugString(), int 0XCC scanning. Anti-debugging techniques slows down a Malware Analysts. We'll discuss the anti-virtual machine techniques such as process name check, timing checks, registry checks, anti-cuckoo, virtual MAC addresses, LDR_Module, VMware special I/O instructions and many more. Next, we'll see some anti-disassembly examples. We'll also discuss anti-anti-debugging techniques like hook function calls, running without a debugger and logging API calls or dumping memory, and modifying/patching the malware code. We'll then quickly recap the defense categories discussed earlier. To enhance your skills and expertise in the topic, you can read or refer to the following resources:
- Practical Malware Analysis
- Anti-Debugging – A Developer's Viewpoint
- Scientific but Not Academical Overview of Malware Anti-Debugging, Anti-Disassembly and Anti-VM Technologies
Intro to Malware Analysis and Reverse Engineering
In this course you will learn how to perform dynamic and static analysis on all major files types, how to carve malicious executables from documents and how to recognize common malware tactics and debug and disassemble malicious binaries.