Contents
1. INTRODUCTION
2. TECHNIQUES: DEBUGGER DETECTION
2.1 PEB.BEINGDEBUGGED FLAG: ISDEBUGGERPRESENT
2.2 PEB.NTGLOBALFLAG, HEAP.HEAPFLAGS, HEAP.FORCEFLAGS
2.3 DEBUGPORT: CHECKREMOTEDEBUGGERPRESENT() / NTQUERYINFORMATIONPROCESS
2.4 DEBUGGER INTERRUPTS
2.5 TIMING CHECKS
2.6 SEDEBUGPRIVILEGE
2.7 PARENT PROCESS
2.8 DEBUGOBJECT: NTQUERYOBJECT
2.9 DEBUGGER WINDOW
2.10 DEBUGGER PROCESS
2.11 DEVICE DRIVERS
2.12 OLLYDBG: GUARD PAGES
3. TECHNIQUES: BREAKPOINT AND PATCHING DETECTION
3.1 SOFTWARE BREAKPOINT DETECTION
3.2 HARDWARE BREAKPOINT DETECTION
3.3 PATCHING DETECTION VIA CODE CHECKSUM CALCULATION
4. TECHNIQUES: ANTI-ANALYSIS
4.1 ENCRYPTION AND COMPRESSION
4.2 GARBAGE CODE AND CODE PERMUTATION
4.3 ANTI-DISASSEMBLY
5. TECHNIQUES: DEBUGGER ATTACKS
5.1 MISDIRECTION AND STOPPING EXECUTION VIA EXCEPTIONS
5.2 BLOCKING INPUT
5.3 THREADHIDEFROMDEBUGGER
5.4 DISABLING BREAKPOINTS
5.5 UNHANDLED EXCEPTION FILTER
5.6 OLLYDBG: OUTPUTDEBUGSTRING() FORMAT STRING BUG
6. TECHNIQUES: ADVANCED AND OTHER TECHNIQUES
6.1 PROCESS INJECTION
6.2 DEBUGGER BLOCKER
6.3 TLS CALLBACKS
6.4 STOLEN BYTES
6.5 API REDIRECTION
6.6 MULTI-THREADED PACKERS
6.7 VIRTUAL MACHINES
7. TOOLS
7.1 OLLYDBG
7.2 OLLYSCRIPT
7.3 OLLY ADVANCED
7.4 OLLYDUMP
7.5 IMPREC
8. REFERENCES
Source: BeistLab