Evading anti-debugging techniques with binary substitution

Jae Keun Lee, Boo Joong Kang, Eul Gyu Im

Research output: Contribution to journalArticle

3 Scopus citations

Abstract

Anti-debugging technology refers to various ways of preventing binary files from being analyzed in debuggers or other virtual machine environments. If binary files conceal or modify themself using anti-debugging techniques, analyzing these binary files becomes harder. There are some anti-anti-debugging techniques proposed so far, but malware developers make dynamic analysis difficult using various ways, such as execution time delay, debugger detection techniques and so on. In this paper, we propose a Evading Anti-debugging techniques method that can avoid anti-debugging techniques in binary files, and showed several samples of anti-debugging applications and how to detect and patch anti-debugging techniques in common utilities or malicious code effectively.

Original languageEnglish
Pages (from-to)183-192
Number of pages10
JournalInternational Journal of Security and its Applications
Volume8
Issue number1
DOIs
StatePublished - 2014 Feb 20

Keywords

  • Anti-debugging detection
  • Dynamic analysis
  • Malware analysis
  • Static analysis

Fingerprint Dive into the research topics of 'Evading anti-debugging techniques with binary substitution'. Together they form a unique fingerprint.

  • Cite this