In this module, we'll begin with some anti-debugging techniques such as NtGlobalFlag, FindWindow(), OutputDebugString(), and scanning for the 0xCC (INT 3) breakpoint opcode. Anti-debugging techniques slow down a malware analyst. We'll discuss anti-virtual-machine techniques such as process name checks, timing checks, registry checks, anti-Cuckoo checks, virtual MAC addresses, LDR_Module, VMware special I/O instructions, and many more. Next, we'll see some anti-disassembly examples. We'll also discuss anti-anti-debugging techniques such as hooking function calls, running without a debugger while logging API calls or dumping memory, and modifying/patching the malware code. We'll then quickly recap the defense categories discussed earlier. To enhance your skills and expertise in the topic, you can read or refer to the following resources:
- Practical Malware Analysis
- Anti-Debugging – A Developer's Viewpoint
- Scientific but Not Academical Overview of Malware Anti-Debugging, Anti-Disassembly and Anti-VM Technologies