Automatic Detection and Bypassing of Anti-Debugging Techniques for Microsoft Windows Environments

Detailed bibliographic record
Published in: Advances in Electrical and Computer Engineering, Volume 19, Issue 2, pp. 23-28
Main authors: PARK, J., JANG, Y.-H., HONG, S., PARK, Y.
Format: Journal Article
Language: English
Published: Suceava: Stefan cel Mare University of Suceava, 01.01.2019
Subjects: computer hacking, computer security, debugging, reverse engineering, software protection
ISSN: 1582-7445, 1844-7600
Description
Summary: In spite of recent remarkable advances in binary code analysis, adversaries still use diverse anti-reversing techniques to obfuscate code and make analysis difficult. Unlike most previous work, which relies on debugger plugins to neutralize anti-debugging techniques, we focus on Pin, one of the most widely used DBI (Dynamic Binary Instrumentation) tools in x86 environments. In this paper, we present an automatic anti-debugging detection and bypassing scheme built on Pin. To evaluate the effectiveness of our algorithm, we conducted experiments on 17 of the most widely used (commercial) protectors, and all of their anti-debugging techniques were bypassed automatically. In particular, our experiments include Safengine, one of the most complex commercial protectors, which, to the best of our knowledge, has not been successfully analyzed by academic researchers up to now. Experimental results also show that the proposed scheme performs better than the most recent related work, Apate.
Index Terms: computer hacking, computer security, debugging, reverse engineering, software protection.
DOI: 10.4316/AECE.2019.02003