Anti-UnpackTricks.pdf
Anti-Unpacker Tricks
by Peter Ferrie, Senior Anti-Virus Researcher, Microsoft Corporation
1. Anti-Dumping
- SizeOfImage
- Erasing the header
- Nanomites
- Stolen Bytes
- Guard Pages
- Imports
- Virtual machines
2. Anti-Debugging
- PEB fields
- Heap flags
- The Heap
- Special APIs
- Hardware tricks
- Process tricks
- SoftICE-specific
- OllyDbg-specific
- HideDebugger-specific
- ImmunityDebugger-specific
- WinDbg-specific
- Miscellaneous tools
3. Anti-Emulating
- Software Interrupts
- Time-locks
- Invalid API parameters
- GetProcAddress
- GetProcAddress(internal)
- "Modern" CPU instructions
- Undocumented instructions
- Selector verification
- Memory layout
- File-format tricks
4. Anti-Intercepting
- Write -> Exec
- Write ^ Exec
5. Miscellaneous
- Fake signatures
[ Source : http://pferrie.tripod.com/papers/unpackers.pdf ]
